VYPR

Packagist (Composer) package

guzzlehttp/psr7

pkg:composer/guzzlehttp/psr7

Vulnerabilities (2)

  • CVE-2023-29197Apr 17, 2023
    affected < 1.9.1fixed 1.9.1

    guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the

  • CVE-2022-24775Mar 21, 2022
    affected < 1.8.4fixed 1.8.4

    guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workaroun