CVE-2026-55766
- EPSS 0.16%
- Veröffentlicht 23.06.2026 15:07:36
- Zuletzt bearbeitet 30.06.2026 17:17:36
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. I...
CVE-2026-49214
- EPSS 0.19%
- Veröffentlicht 11.06.2026 12:38:22
- Zuletzt bearbeitet 15.06.2026 14:41:24
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user...
CVE-2026-48998
- EPSS 0.2%
- Veröffentlicht 11.06.2026 12:34:32
- Zuletzt bearbeitet 15.06.2026 14:52:16
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker c...
CVE-2023-29530
- EPSS 0.97%
- Veröffentlicht 24.04.2023 20:15:08
- Zuletzt bearbeitet 21.11.2024 07:57:14
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newli...
CVE-2023-29197
- EPSS 1.22%
- Veröffentlicht 17.04.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:56:41
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n...
CVE-2022-24775
- EPSS 2.38%
- Veröffentlicht 21.03.2022 19:15:11
- Zuletzt bearbeitet 21.11.2024 06:51:04
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There ar...