VYPR

Packagist (Composer) package

guzzlehttp/guzzle

pkg:composer/guzzlehttp/guzzle

Vulnerabilities (5)

  • CVE-2022-31091Jun 27, 2022
    affected < 6.5.8fixed 6.5.8

    Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorizatio

  • CVE-2022-31090Jun 27, 2022
    affected < 6.5.8fixed 6.5.8

    Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds wit

  • CVE-2022-31043Jun 9, 2022
    affected >= 4.0.0, < 6.5.7fixed 6.5.7

    Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Author

  • CVE-2022-31042Jun 9, 2022
    affected >= 4.0.0, < 6.5.7fixed 6.5.7

    Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server w

  • CVE-2022-29248May 25, 2022
    affected < 6.5.6fixed 6.5.6

    Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a