CVE-2022-31090
- EPSS 2.82%
- Published 27.06.2022 22:15:08
- Last modified 21.11.2024 07:03:52
Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On makin...
CVE-2022-31091
- EPSS 0.37%
- Published 27.06.2022 22:15:08
- Last modified 21.11.2024 07:03:52
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we s...
CVE-2022-31042
- EPSS 0.74%
- Published 10.06.2022 00:15:07
- Last modified 21.11.2024 07:03:46
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on ...
CVE-2022-31043
- EPSS 0.95%
- Published 10.06.2022 00:15:07
- Last modified 21.11.2024 07:03:46
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we ...
CVE-2022-29248
- EPSS 0.45%
- Published 25.05.2022 18:15:08
- Last modified 21.11.2024 06:58:48
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the ...