Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/guzzlehttp/psr7@1.9.1
Typecomposer
Namespaceguzzlehttp
Namepsr7
Version1.9.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.4.5
Latest_non_vulnerable_version2.4.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4tr3-8z2d-5fh6
vulnerability_id VCID-4tr3-8z2d-5fh6
summary 
Interpretation Conflict
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29197
reference_id
reference_type
scores
0
value 0.02291
scoring_system epss
scoring_elements 0.84697
published_at 2026-04-08T12:55:00Z
1
value 0.02291
scoring_system epss
scoring_elements 0.84733
published_at 2026-04-16T12:55:00Z
2
value 0.02291
scoring_system epss
scoring_elements 0.84711
published_at 2026-04-13T12:55:00Z
3
value 0.02291
scoring_system epss
scoring_elements 0.84718
published_at 2026-04-12T12:55:00Z
4
value 0.02291
scoring_system epss
scoring_elements 0.84722
published_at 2026-04-11T12:55:00Z
5
value 0.02291
scoring_system epss
scoring_elements 0.84653
published_at 2026-04-02T12:55:00Z
6
value 0.02291
scoring_system epss
scoring_elements 0.84673
published_at 2026-04-04T12:55:00Z
7
value 0.02291
scoring_system epss
scoring_elements 0.84675
published_at 2026-04-07T12:55:00Z
8
value 0.02291
scoring_system epss
scoring_elements 0.84704
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29197
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2023-29197.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2023-29197.yaml
4
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
5
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00028.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/12/msg00028.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/
10
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034581
reference_id 1034581
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034581
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034597
reference_id 1034597
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034597
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29197
reference_id CVE-2023-29197
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29197
14
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
15
reference_url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
reference_id GHSA-wxmh-65f7-jcvw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
16
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
reference_id GHSA-wxmh-65f7-jcvw
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
17
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
18
reference_url https://usn.ubuntu.com/6671-1/
reference_id USN-6671-1
reference_type
scores
url https://usn.ubuntu.com/6671-1/
fixed_packages
0
url pkg:composer/guzzlehttp/psr7@1.9.1
purl pkg:composer/guzzlehttp/psr7@1.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@1.9.1
1
url pkg:composer/guzzlehttp/psr7@2.4.5
purl pkg:composer/guzzlehttp/psr7@2.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@2.4.5
aliases CVE-2023-29197, GHSA-wxmh-65f7-jcvw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tr3-8z2d-5fh6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/psr7@1.9.1