Lucene search
GoogleOSV:GHSA-Q7RV-6HP3-VH96HistoryMar 25, 2022 - 7:26 p.m.
Improper Input Validation in guzzlehttp/psr7
2022-03-2519:26:33
Google
osv.dev
114
improper input validation
guzzlehttp/psr7
header parsing
patched
rfc7230
EPSS
0.003
Percentile
65.7%
Impact
Improper header parsing. An attacker could sneak in a carriage return character (\r) and pass untrusted values in both the header names and values.
Patches
The issue is patched in 1.8.4 and 2.1.1.
Workarounds
There are no known workarounds.
References
References
github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
github.com/guzzle/psr7
github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
nvd.nist.gov/vuln/detail/CVE-2022-24775
www.drupal.org/sa-core-2022-006
www.rfc-editor.org/rfc/rfc7230#section-3.2.4
Related
osv
osv
Improper header name validation in guzzlehttp/psr7
2023-04-19 18:25:53
HTTP Multiline Header Termination
2023-04-24 22:42:39
CVE-2023-29530
2023-04-24 20:15:08
nessus
nessus
Fedora 37 : php-nyholm-psr7 (2023-c29ae4c76f)
2023-04-28 00:00:00
Ubuntu 22.04 LTS : php-nyholm-psr7 vulnerability (USN-6671-1)
2024-02-29 00:00:00
prion
prion
Design/Logic Flaw
2023-04-17 22:15:00
Design/Logic Flaw
2023-04-24 20:15:00
Input validation
2022-03-21 19:15:00
github
github
HTTP Multiline Header Termination
2023-04-24 22:42:39
Insecure header validation in slim/psr7
2023-04-18 22:20:42
Improper header name validation in guzzlehttp/psr7
2023-04-19 18:25:53
cve
cve
debiancve
debiancve
CVE-2023-29197
2023-04-17 22:15:09
CVE-2022-24775
2022-03-21 19:15:11
ubuntucve
ubuntucve
CVE-2023-29197
2023-04-17 00:00:00
CVE-2022-24775
2022-03-21 00:00:00
nvd
nvd
ubuntu
ubuntu
php-guzzlehttp-psr7 vulnerabilities
2024-02-29 00:00:00
php-nyholm-psr7 vulnerability
2024-02-29 00:00:00
cvelist
cvelist
CVE-2023-29197 Improper header name validation in guzzlehttp/psr7
2023-04-17 21:08:46
CVE-2022-24775 Improper Input Validation in guzzlehttp/psr7
2022-03-21 19:00:17
debian
debian
[SECURITY] [DLA 3705-1] php-guzzlehttp-psr7 security update
2023-12-31 22:52:23
openvas
openvas
Ubuntu: Security Advisory (USN-6670-1)
2024-03-01 00:00:00
Drupal Vulnerability in Third-party Library (SA-CORE-2022-006) - Linux
2022-03-22 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: php-nyholm-psr7-1.7.0-1.fc38
2023-04-29 02:53:18
[SECURITY] Fedora 38 Update: php-laminas-diactoros2-2.25.2-1.fc38
2023-04-28 02:37:20
[SECURITY] Fedora 37 Update: php-nyholm-psr7-1.6.1-1.fc37
2023-04-28 02:04:03
veracode
veracode
Improper Input Validation
2023-05-02 07:33:52
Improper Input Validation
2022-03-22 06:41:06
HTTP Request Smuggling
2023-04-19 11:10:06
laminas
laminas
HTTP Multiline Header Termination Vulnerability
2023-04-17 17:00:00
friendsofphp
friendsofphp
Improper Input Validation in headers
2023-04-17 16:00:00
Improper header validation
2023-04-17 16:00:00
Improper Input Validation in headers
2023-04-17 16:00:00
drupal
drupal
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006
2022-03-21 00:00:00
freebsd
freebsd
mantis -- multiple vulnerabilities
2023-10-14 00:00:00
mediawiki -- multiple vulnerabilities
2023-04-21 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2023-07-27 01:07:49