Guzzlehttp Psr7 vulnerabilities
2 known vulnerabilities affecting guzzlehttp/psr7.
* Total CVEs: 2
* CISA KEV: 0
* Public exploits: 0
* Exploited in wild: 1

Severity breakdown
* MEDIUM: 2
Vulnerabilities
CVE-2023-29197 | MEDIUM | Exploited | Affected versions: ≥ 0, < 1.9.1; ≥ 2.0.0, < 2.4.5 | 2023-04-19
CVE-2023-29197 [MEDIUM] CWE-436 Improper header name validation in guzzlehttp/psr7
### Impact
Improper header parsing. An attacker could sneak a newline (`\n`) into both the header names and values. While the specification states that `\r\n\r\n` is used to terminate the header list, many servers in the wild will also accept `\n\n`.
### Patches
The issue is patched in 1.9.1 and 2.4.5.
### Workarounds
There are no known workarounds.
Sources: GHSA, OSV
CVE-2022-24775 | MEDIUM | Affected versions: ≥ 0, < 1.8.4; ≥ 2.0.0, < 2.1.1 | 2022-03-25
CVE-2022-24775 [MEDIUM] CWE-20 Improper Input Validation in guzzlehttp/psr7
### Impact
Improper header parsing. An attacker could sneak in a carriage return character (`\r`) and pass untrusted values in both the header names and values.
### Patches
The issue is patched in 1.8.4 and 2.1.1.
### Workarounds
There are no known workarounds.
### References
* https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
Sources: GHSA, OSV