Lucene search
Veracode Vulnerability DatabaseVERACODE:34782HistoryMar 22, 2022 - 6:41 a.m.
Improper Input Validation
2022-03-2206:41:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
0.001 Low
EPSS
Percentile
40.4%
guzzlehttp/psr7 is vulnerable to improper input validation. The vulnerability exists in the normalizeHeaderValue function in the MessageTrait.php file allowing an attacker to modify the new line character with an untrusted value.
References
github.com/guzzle/psr7/commit/902db15a551a4a415e732b622282e21ce1b508b4
github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
github.com/guzzle/psr7/pull/486
github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
www.drupal.org/sa-core-2022-006
Related
ubuntucve
ubuntucve
CVE-2022-24775
2022-03-21 00:00:00
CVE-2023-29197
2023-04-17 00:00:00
prion
prion
Input validation
2022-03-21 19:15:00
Design/Logic Flaw
2023-04-17 22:15:00
debiancve
debiancve
CVE-2022-24775
2022-03-21 19:15:11
CVE-2023-29197
2023-04-17 22:15:09
cvelist
cvelist
CVE-2022-24775 Improper Input Validation in guzzlehttp/psr7
2022-03-21 19:00:17
CVE-2023-29197 Improper header name validation in guzzlehttp/psr7
2023-04-17 21:08:46
nvd
nvd
CVE-2022-24775
2022-03-21 19:15:11
CVE-2023-29197
2023-04-17 22:15:09
openvas
openvas
Drupal Vulnerability in Third-party Library (SA-CORE-2022-006) - Windows
2022-03-22 00:00:00
Drupal Vulnerability in Third-party Library (SA-CORE-2022-006) - Linux
2022-03-22 00:00:00
Ubuntu: Security Advisory (USN-6670-1)
2024-03-01 00:00:00
friendsofphp
friendsofphp
Inproper parsing of HTTP headers
2022-03-20 13:44:00
drupal
drupal
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006
2022-03-21 00:00:00
cve
cve
CVE-2022-24775
2022-03-21 19:15:11
CVE-2023-29197
2023-04-17 22:15:09
github
github
Improper Input Validation in guzzlehttp/psr7
2022-03-25 19:26:33
nessus
nessus
Drupal 9.2.x < 9.2.16 / 9.3.x < 9.3.9 Drupal Vulnerability (SA-CORE-2022-006)
2022-03-22 00:00:00
Fedora 37 : php-nyholm-psr7 (2023-c29ae4c76f)
2023-04-28 00:00:00
Fedora 38 : php-nyholm-psr7 (2023-b0811dc6e4)
2023-04-29 00:00:00
debian
debian
[SECURITY] [DLA 3705-1] php-guzzlehttp-psr7 security update
2023-12-31 22:52:23
osv
osv
php-guzzlehttp-psr7 vulnerabilities
2024-02-29 15:52:29
Improper header name validation in guzzlehttp/psr7
2023-04-19 18:25:53
CVE-2023-29530
2023-04-24 20:15:08
ubuntu
ubuntu
php-guzzlehttp-psr7 vulnerabilities
2024-02-29 00:00:00