VYPR
Moderate severityNVD Advisory· Published Mar 21, 2022· Updated Apr 23, 2025

Improper Input Validation in guzzlehttp/psr7

CVE-2022-24775

Description

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
guzzlehttp/psr7Packagist
< 1.8.41.8.4
guzzlehttp/psr7Packagist
>= 2.0.0, < 2.1.12.1.1

Affected products

3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.