Packagist (Composer) package
guzzlehttp/guzzle
pkg:composer/guzzlehttp/guzzle
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31091 | — | < 6.5.8 | 6.5.8 | Jun 27, 2022 | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorizatio | ||
| CVE-2022-31090 | — | < 6.5.8 | 6.5.8 | Jun 27, 2022 | Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds wit | ||
| CVE-2022-31043 | — | >= 4.0.0, < 6.5.7 | 6.5.7 | Jun 9, 2022 | Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Author | ||
| CVE-2022-31042 | — | >= 4.0.0, < 6.5.7 | 6.5.7 | Jun 9, 2022 | Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server w | ||
| CVE-2022-29248 | — | < 6.5.6 | 6.5.6 | May 25, 2022 | Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a |
- CVE-2022-31091Jun 27, 2022affected < 6.5.8fixed 6.5.8
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorizatio
- CVE-2022-31090Jun 27, 2022affected < 6.5.8fixed 6.5.8
Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds wit
- CVE-2022-31043Jun 9, 2022affected >= 4.0.0, < 6.5.7fixed 6.5.7
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Author
- CVE-2022-31042Jun 9, 2022affected >= 4.0.0, < 6.5.7fixed 6.5.7
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server w
- CVE-2022-29248May 25, 2022affected < 6.5.6fixed 6.5.6
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a