VYPR

Packagist (Composer) package

guzzlehttp/oauth-subscriber

pkg:composer/guzzlehttp/oauth-subscriber

Vulnerabilities (1)

  • CVE-2025-21617MedJan 6, 2025
    affected < 0.8.1fixed 0.8.1

    Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixe