Guzzlephp

Guzzle

7 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.11%
  • Veröffentlicht 23.06.2026 15:05:05
  • Zuletzt bearbeitet 26.06.2026 19:34:41

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes leading dots from the cookie domain, normalizing dot-o...

  • EPSS 0.11%
  • Veröffentlicht 23.06.2026 14:54:23
  • Zuletzt bearbeitet 26.06.2026 19:34:13

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy ...

  • EPSS 1.76%
  • Veröffentlicht 27.06.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:52

Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On makin...

  • EPSS 1.38%
  • Veröffentlicht 27.06.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:52

Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we s...

  • EPSS 1.82%
  • Veröffentlicht 10.06.2022 00:15:07
  • Zuletzt bearbeitet 21.11.2024 07:03:46

Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on ...

  • EPSS 1.82%
  • Veröffentlicht 10.06.2022 00:15:07
  • Zuletzt bearbeitet 21.11.2024 07:03:46

Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we ...

  • EPSS 1.24%
  • Veröffentlicht 25.05.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:58:48

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the ...