Skip to content

Improper header name validation in guzzlehttp/psr7

Moderate severity GitHub Reviewed Published Apr 17, 2023 in guzzle/psr7 • Updated May 1, 2023

Package

composer guzzlehttp/psr7 (Composer)

Affected versions

< 1.9.1
>= 2.0.0, < 2.4.5

Patched versions

1.9.1
2.4.5
@GrahamCampbell GrahamCampbell published to guzzle/psr7 Apr 17, 2023
Published to the GitHub Advisory Database Apr 19, 2023
Reviewed Apr 19, 2023
Last updated May 1, 2023

Severity

Moderate
5.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weaknesses

CVE ID

CVE-2023-29197

GHSA ID

GHSA-wxmh-65f7-jcvw

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.