slim/psr7 is vulnerable to Insecure Header Validation. The vulnerability exists in the validateHeaderName
function in Headers.php
, which allows an attacker to sneak in a newline (\n
) into header names and values, potentially resulting in HTTP cache poisoning or phishing attacks.