Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/48186?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/48186?format=api", "purl": "pkg:composer/guzzlehttp/psr7@2.1.1", "type": "composer", "namespace": "guzzlehttp", "name": "psr7", "version": "2.1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.5", "latest_non_vulnerable_version": "2.4.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17289?format=api", "vulnerability_id": "VCID-4tr3-8z2d-5fh6", "summary": "Interpretation Conflict\nguzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84675", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84718", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84722", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84704", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.84697", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2023-29197.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2023-29197.yaml" }, { "reference_url": "https://github.com/guzzle/psr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034581", "reference_id": "1034581", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034597", "reference_id": "1034597", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034597" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29197", "reference_id": "CVE-2023-29197", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29197" }, { "reference_url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://github.com/advisories/GHSA-wxmh-65f7-jcvw", "reference_id": "GHSA-wxmh-65f7-jcvw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxmh-65f7-jcvw" }, { "reference_url": "https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw", "reference_id": "GHSA-wxmh-65f7-jcvw", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw" }, { "reference_url": "https://usn.ubuntu.com/6670-1/", "reference_id": "USN-6670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6670-1/" }, { "reference_url": "https://usn.ubuntu.com/6671-1/", "reference_id": "USN-6671-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6671-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57144?format=api", "purl": "pkg:composer/guzzlehttp/psr7@2.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@2.4.5" } ], "aliases": [ "CVE-2023-29197", "GHSA-wxmh-65f7-jcvw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tr3-8z2d-5fh6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13472?format=api", "vulnerability_id": "VCID-wbuz-qcp3-43aq", "summary": "Improper Input Validation\nguzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.7614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76143", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76167", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76142", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76128", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76095", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76116", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml" }, { "reference_url": "https://github.com/guzzle/psr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/guzzle/psr7" }, { "reference_url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1" }, { "reference_url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc" }, { "reference_url": "https://www.drupal.org/sa-core-2022-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://www.drupal.org/sa-core-2022-006" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236", "reference_id": "1008236", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775", "reference_id": "CVE-2022-24775", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775" }, { "reference_url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96", "reference_id": "GHSA-q7rv-6hp3-vh96", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/" } ], "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" }, { "reference_url": "https://usn.ubuntu.com/6670-1/", "reference_id": "USN-6670-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6670-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48184?format=api", "purl": "pkg:composer/guzzlehttp/psr7@1.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tr3-8z2d-5fh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@1.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/48186?format=api", "purl": "pkg:composer/guzzlehttp/psr7@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tr3-8z2d-5fh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@2.1.1" } ], "aliases": [ "CVE-2022-24775", "GHSA-q7rv-6hp3-vh96" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbuz-qcp3-43aq" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@2.1.1" }