Guzzlephp Guzzle vulnerabilities

5 known vulnerabilities affecting guzzlephp/guzzle.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5

Vulnerabilities

CVE-2022-31090 | HIGH | CVSS 7.7 | fixed in 6.5.8 | ≥ 7.0.0, < 7.4.5 | 2022-06-27
CVE-2022-31090 [HIGH] CWE-200: Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or
nvd
CVE-2022-31091 | HIGH | CVSS 7.7 | fixed in 6.5.8 | ≥ 7.0.0, < 7.4.5 | 2022-06-27
CVE-2022-31091 [HIGH] CWE-200: Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously,
nvd
CVE-2022-31043 | HIGH | CVSS 7.5 | fixed in 6.5.7 | ≥ 7.0.0, < 7.4.4 | 2022-06-10
CVE-2022-31043 [HIGH] CWE-200: Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on t
nvd
CVE-2022-31042 | HIGH | CVSS 7.5 | fixed in 6.5.7 | ≥ 7.0.0, < 7.4.4 | 2022-06-10
CVE-2022-31042 [HIGH] CWE-200: Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should no
nvd
CVE-2022-29248 | HIGH | CVSS 8.1 | fixed in 6.5.6 | ≥ 7.0.0, < 7.4.3 | 2022-05-25
CVE-2022-29248 [HIGH] CWE-200: Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middlewa
nvd