guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
CVE-2022-24775 - High Severity Vulnerability
PSR-7 HTTP message library
Dependency Hierarchy: - laravel/passport-v4.0.3 (Root Library) - guzzlehttp/guzzle-6.4.1 - :x: **guzzlehttp/psr7-1.6.1** (Vulnerable Library)
Found in HEAD commit: 6937a6413a72bc7060c19b8195035c2b9504cbd2
Found in base branch: master
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
Publish Date: 2022-03-21
URL: CVE-2022-24775
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
Release Date: 2022-03-21
Fix Resolution: 1.8.4,2.1.1