guzzlehttp/guzzle
Packagist
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting guzzlehttp/guzzle
- CVE-2016-5385 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 5.3.1 | 2016-07-19
vulnerable: 5.0.0 ... 5.3.0 (7 versions)
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remo…
- CVE-2022-29248 | HIGH | CVSS 8.0 | EG 8.0 | ✓ Fixed in 7.4.3 | 2022-05-25
vulnerable: 7.0.0 ... 7.4.2 (9 versions)
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cook…
- CVE-2022-31042 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 7.4.4 | 2022-06-10
vulnerable: 7.0.0 ... 7.4.3 (10 versions)
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` sch…
- CVE-2022-31043 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 7.4.4 | 2022-06-10
vulnerable: 7.0.0 ... 7.4.3 (10 versions)
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` …
- CVE-2022-31090 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 7.4.5 | 2022-06-27
vulnerable: 7.0.0 ... 7.4.4 (11 versions)
Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` heade…
- CVE-2022-31091 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 7.4.5 | 2022-06-27
vulnerable: 7.0.0 ... 7.4.4 (11 versions)
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to foll…