guzzlehttp/guzzle is vulnerable to cross-domain cookie leakage. The library does not check if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie
header, which allows an attacker to set malicious domains and redirect the victim to harmful third party servers.
github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
github.com/guzzle/guzzle/commit/f092dd734083473658de3ee4bef093ed77d2689c
github.com/guzzle/guzzle/pull/3018
github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
www.debian.org/security/2022/dsa-5246
www.drupal.org/sa-core-2022-010