guzzlehttp/psr7 is vulnerable to improper input validation. The vulnerability exists in the normalizeHeaderValue
function in the MessageTrait.php
file allowing an attacker to modify the new line character with an untrusted value.
github.com/guzzle/psr7/commit/902db15a551a4a415e732b622282e21ce1b508b4
github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
github.com/guzzle/psr7/pull/486
github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
www.drupal.org/sa-core-2022-006