Guzzlephp

Psr-7

6 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.16%
  • Veröffentlicht 23.06.2026 15:07:36
  • Zuletzt bearbeitet 30.06.2026 17:17:36

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. I...

  • EPSS 0.19%
  • Veröffentlicht 11.06.2026 12:38:22
  • Zuletzt bearbeitet 15.06.2026 14:41:24

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user...

  • EPSS 0.2%
  • Veröffentlicht 11.06.2026 12:34:32
  • Zuletzt bearbeitet 15.06.2026 14:52:16

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker c...

  • EPSS 0.97%
  • Veröffentlicht 24.04.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:57:14

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newli...

  • EPSS 1.22%
  • Veröffentlicht 17.04.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:56:41

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n...

  • EPSS 2.38%
  • Veröffentlicht 21.03.2022 19:15:11
  • Zuletzt bearbeitet 21.11.2024 06:51:04

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There ar...