7.5

CVE-2022-24775

Improper Input Validation in guzzlehttp/psr7

guzzlehttp/psr7 <= 1.84 and 2.0.0-2.1.0 - Improper Input Validation

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
Mögliche Gegenmaßnahme
Insert Special Characters: Update to version 1.0.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version >= 8.0.0 < 9.2.16
DrupalDrupal Version >= 9.3.0 < 9.3.9
GuzzlephpPsr-7 Version < 1.8.4
GuzzlephpPsr-7 Version >= 2.0.0 < 2.1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Insert Special Characters
Version *-1.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.38% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
security-advisories@github.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
Patch
Third Party Advisory
https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
Patch
Third Party Advisory
https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
Third Party Advisory
https://www.drupal.org/sa-core-2022-006
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/07b34541-25df-407b-8d56-16e3e510d83a
Third Party Advisory