guzzlehttp/guzzle Security Advisories for 7.4.1 (5)
-
[HIGH] CURLOPT_HTTPAUTH option not cleared on change of origin
PKSA-k1b4-kshy-xgbh CVE-2022-31090 GHSA-25mq-v84q-4j7r
Affected version: >=7,<7.4.5|>=4,<6.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Change in port should be considered a change in origin
PKSA-yfw5-9gnj-n2c7 CVE-2022-31091 GHSA-q559-8m2m-g699
Affected version: >=7,<7.4.5|>=4,<6.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Failure to strip the Cookie header on change in host or HTTP downgrade
PKSA-fvw5-9t6n-nwvr CVE-2022-31042 GHSA-f2wf-25xc-69c9
Affected version: >=7,<7.4.4|>=4,<6.5.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Fix failure to strip Authorization header on HTTP downgrade
PKSA-2z36-j4q9-rsfy CVE-2022-31043 GHSA-w248-ffj2-4v5q
Affected version: >=7,<7.4.4|>=4,<6.5.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-domain cookie leakage
PKSA-6d8m-6kgw-18zr CVE-2022-29248 GHSA-cwmx-hcrq-mhc3
Affected version: >=7,<7.4.3|>=4,<6.5.6
Reported by:
GitHub, FriendsOfPHP/security-advisories