guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
CVE-2022-24775 - High Severity Vulnerability
PSR-7 message implementation that also provides common utility methods
Library home page: https://api.github.com/repos/guzzle/psr7/zipball/53330f47520498c0ae1f61f7e2c90f55690c06a3
Dependency Hierarchy: - codeception/codeception-2.3.4 (Root Library) - :x: **guzzlehttp/psr7-1.7.0** (Vulnerable Library)
Found in HEAD commit: 721f00c7479af73f0a73be46c2bc6853e1da863b
Found in base branch: master
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
Publish Date: 2022-03-21
URL: CVE-2022-24775
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
Release Date: 2022-03-21
Fix Resolution: 1.8.4,2.1.1
Step up your Open Source Security Game with Mend here