Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/guzzlehttp/guzzle@4.1.6
Typecomposer
Namespaceguzzlehttp
Nameguzzle
Version4.1.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.5.8
Latest_non_vulnerable_version7.4.5
Affected_by_vulnerabilities
0
url VCID-674z-nf4t-b7ez
vulnerability_id VCID-674z-nf4t-b7ez
summary 
Cross-domain cookie leakage in Guzzle
### Impact

Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the `Set-Cookie` header, allowing a malicious server to set cookies for unrelated domains. For example an attacker at `www.example.com` might set a session cookie for `api.example.net`, logging the Guzzle client into their account and retrieving private API requests from the security log of their account.

Note that our cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with `['cookies' => true]` are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.3 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.6 or 7.4.3.

### Workarounds

If you do not need support for cookies, turn off the cookie middleware. It is already off by default, but if you have turned it on and no longer need it, turn it off.

### References

* [RFC6265 Section 5.3](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3)
* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29248
reference_id
reference_type
scores
0
value 0.00637
scoring_system epss
scoring_elements 0.70414
published_at 2026-04-02T12:55:00Z
1
value 0.00637
scoring_system epss
scoring_elements 0.70465
published_at 2026-04-13T12:55:00Z
2
value 0.00637
scoring_system epss
scoring_elements 0.7048
published_at 2026-04-12T12:55:00Z
3
value 0.00637
scoring_system epss
scoring_elements 0.70495
published_at 2026-04-11T12:55:00Z
4
value 0.00637
scoring_system epss
scoring_elements 0.70471
published_at 2026-04-09T12:55:00Z
5
value 0.00637
scoring_system epss
scoring_elements 0.70455
published_at 2026-04-08T12:55:00Z
6
value 0.00637
scoring_system epss
scoring_elements 0.7041
published_at 2026-04-07T12:55:00Z
7
value 0.00637
scoring_system epss
scoring_elements 0.70431
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29248
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml
17
reference_url https://github.com/guzzle/guzzle
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle
18
reference_url https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
19
reference_url https://github.com/guzzle/guzzle/pull/3018
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://github.com/guzzle/guzzle/pull/3018
20
reference_url https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29248
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29248
22
reference_url https://www.debian.org/security/2022/dsa-5246
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://www.debian.org/security/2022/dsa-5246
23
reference_url https://www.drupal.org/sa-core-2022-010
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/
url https://www.drupal.org/sa-core-2022-010
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
reference_id 1011636
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
25
reference_url https://security.archlinux.org/AVG-2823
reference_id AVG-2823
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2823
26
reference_url https://github.com/advisories/GHSA-cwmx-hcrq-mhc3
reference_id GHSA-cwmx-hcrq-mhc3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwmx-hcrq-mhc3
fixed_packages
0
url pkg:composer/guzzlehttp/guzzle@6.5.6
purl pkg:composer/guzzlehttp/guzzle@6.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9exs-x5s1-4bhg
1
vulnerability VCID-9xyz-wzr8-wqhz
2
vulnerability VCID-nwsr-ruca-2kha
3
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.5.6
1
url pkg:composer/guzzlehttp/guzzle@7.0.0-beta.1
purl pkg:composer/guzzlehttp/guzzle@7.0.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@7.0.0-beta.1
2
url pkg:composer/guzzlehttp/guzzle@7.4.3
purl pkg:composer/guzzlehttp/guzzle@7.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9exs-x5s1-4bhg
1
vulnerability VCID-9xyz-wzr8-wqhz
2
vulnerability VCID-nwsr-ruca-2kha
3
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@7.4.3
aliases CVE-2022-29248, GHSA-cwmx-hcrq-mhc3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-674z-nf4t-b7ez
1
url VCID-9exs-x5s1-4bhg
vulnerability_id VCID-9exs-x5s1-4bhg
summary 
Failure to strip the Cookie header on change in host or HTTP downgrade
### Impact

`Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.

### Workarounds

An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

### References

* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31042
reference_id
reference_type
scores
0
value 0.01454
scoring_system epss
scoring_elements 0.80771
published_at 2026-04-07T12:55:00Z
1
value 0.01454
scoring_system epss
scoring_elements 0.80801
published_at 2026-04-13T12:55:00Z
2
value 0.01454
scoring_system epss
scoring_elements 0.80774
published_at 2026-04-04T12:55:00Z
3
value 0.01454
scoring_system epss
scoring_elements 0.80753
published_at 2026-04-02T12:55:00Z
4
value 0.01454
scoring_system epss
scoring_elements 0.80809
published_at 2026-04-12T12:55:00Z
5
value 0.01454
scoring_system epss
scoring_elements 0.80824
published_at 2026-04-11T12:55:00Z
6
value 0.01454
scoring_system epss
scoring_elements 0.80807
published_at 2026-04-09T12:55:00Z
7
value 0.01454
scoring_system epss
scoring_elements 0.80799
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31042
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml
17
reference_url https://github.com/guzzle/guzzle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle
18
reference_url https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/
url https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
19
reference_url https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/
url https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31042
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31042
21
reference_url https://www.debian.org/security/2022/dsa-5246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/
url https://www.debian.org/security/2022/dsa-5246
22
reference_url https://www.drupal.org/sa-core-2022-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/
url https://www.drupal.org/sa-core-2022-011
23
reference_url https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:32Z/
url https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
reference_id 1012821
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
25
reference_url https://security.archlinux.org/AVG-2823
reference_id AVG-2823
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2823
26
reference_url https://github.com/advisories/GHSA-f2wf-25xc-69c9
reference_id GHSA-f2wf-25xc-69c9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2wf-25xc-69c9
fixed_packages
0
url pkg:composer/guzzlehttp/guzzle@6.5.7
purl pkg:composer/guzzlehttp/guzzle@6.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xyz-wzr8-wqhz
1
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.5.7
1
url pkg:composer/guzzlehttp/guzzle@7.4.4
purl pkg:composer/guzzlehttp/guzzle@7.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xyz-wzr8-wqhz
1
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@7.4.4
aliases CVE-2022-31042, GHSA-f2wf-25xc-69c9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9exs-x5s1-4bhg
2
url VCID-9xyz-wzr8-wqhz
vulnerability_id VCID-9xyz-wzr8-wqhz
summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31090
reference_id
reference_type
scores
0
value 0.03005
scoring_system epss
scoring_elements 0.86529
published_at 2026-04-02T12:55:00Z
1
value 0.03005
scoring_system epss
scoring_elements 0.8658
published_at 2026-04-13T12:55:00Z
2
value 0.03005
scoring_system epss
scoring_elements 0.86587
published_at 2026-04-12T12:55:00Z
3
value 0.03005
scoring_system epss
scoring_elements 0.86591
published_at 2026-04-11T12:55:00Z
4
value 0.03005
scoring_system epss
scoring_elements 0.86548
published_at 2026-04-04T12:55:00Z
5
value 0.03005
scoring_system epss
scoring_elements 0.86576
published_at 2026-04-09T12:55:00Z
6
value 0.03005
scoring_system epss
scoring_elements 0.86567
published_at 2026-04-08T12:55:00Z
7
value 0.03005
scoring_system epss
scoring_elements 0.86547
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31090
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml
17
reference_url https://github.com/guzzle/guzzle
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle
18
reference_url https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md
19
reference_url https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md
20
reference_url https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/
url https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
21
reference_url https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/
url https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31090
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31090
23
reference_url https://www.debian.org/security/2022/dsa-5246
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/
url https://www.debian.org/security/2022/dsa-5246
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
reference_id 1014492
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
25
reference_url https://security.archlinux.org/AVG-2823
reference_id AVG-2823
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2823
26
reference_url https://github.com/advisories/GHSA-25mq-v84q-4j7r
reference_id GHSA-25mq-v84q-4j7r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25mq-v84q-4j7r
27
reference_url https://security.gentoo.org/glsa/202305-24
reference_id GLSA-202305-24
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:50Z/
url https://security.gentoo.org/glsa/202305-24
fixed_packages
0
url pkg:composer/guzzlehttp/guzzle@6.5.8
purl pkg:composer/guzzlehttp/guzzle@6.5.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.5.8
1
url pkg:composer/guzzlehttp/guzzle@7.4.5
purl pkg:composer/guzzlehttp/guzzle@7.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@7.4.5
aliases CVE-2022-31090, GHSA-25mq-v84q-4j7r, GMS-2022-2528
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyz-wzr8-wqhz
3
url VCID-nwsr-ruca-2kha
vulnerability_id VCID-nwsr-ruca-2kha
summary 
Fix failure to strip Authorization header on HTTP downgrade
### Impact

`Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host.

### Patches

Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4.

### Workarounds

An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.

### References

* [RFC9110 Section 15.4](https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx)

### For more information

If you have any questions or comments about this advisory, please get in touch with us in `#guzzle` on the [PHP HTTP Slack](https://php-http.slack.com/). Do not report additional security advisories in that public channel, however - please follow our [vulnerability reporting process](https://github.com/guzzle/guzzle/security/policy).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31043
reference_id
reference_type
scores
0
value 0.01454
scoring_system epss
scoring_elements 0.80807
published_at 2026-04-09T12:55:00Z
1
value 0.01454
scoring_system epss
scoring_elements 0.80801
published_at 2026-04-13T12:55:00Z
2
value 0.01454
scoring_system epss
scoring_elements 0.80809
published_at 2026-04-12T12:55:00Z
3
value 0.01454
scoring_system epss
scoring_elements 0.80824
published_at 2026-04-11T12:55:00Z
4
value 0.01454
scoring_system epss
scoring_elements 0.80753
published_at 2026-04-02T12:55:00Z
5
value 0.01454
scoring_system epss
scoring_elements 0.80774
published_at 2026-04-04T12:55:00Z
6
value 0.01454
scoring_system epss
scoring_elements 0.80771
published_at 2026-04-07T12:55:00Z
7
value 0.01454
scoring_system epss
scoring_elements 0.80799
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31043
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml
17
reference_url https://github.com/guzzle/guzzle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle
18
reference_url https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/
url https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
19
reference_url https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/
url https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31043
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31043
21
reference_url https://www.debian.org/security/2022/dsa-5246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/
url https://www.debian.org/security/2022/dsa-5246
22
reference_url https://www.drupal.org/sa-core-2022-011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/
url https://www.drupal.org/sa-core-2022-011
23
reference_url https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:28Z/
url https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
reference_id 1012821
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012821
25
reference_url https://security.archlinux.org/AVG-2823
reference_id AVG-2823
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2823
26
reference_url https://github.com/advisories/GHSA-w248-ffj2-4v5q
reference_id GHSA-w248-ffj2-4v5q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w248-ffj2-4v5q
fixed_packages
0
url pkg:composer/guzzlehttp/guzzle@6.5.7
purl pkg:composer/guzzlehttp/guzzle@6.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xyz-wzr8-wqhz
1
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.5.7
1
url pkg:composer/guzzlehttp/guzzle@7.4.4
purl pkg:composer/guzzlehttp/guzzle@7.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xyz-wzr8-wqhz
1
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@7.4.4
aliases CVE-2022-31043, GHSA-w248-ffj2-4v5q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwsr-ruca-2kha
4
url VCID-wzqf-k99e-vbeu
vulnerability_id VCID-wzqf-k99e-vbeu
summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31091
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.5672
published_at 2026-04-02T12:55:00Z
1
value 0.0034
scoring_system epss
scoring_elements 0.5674
published_at 2026-04-13T12:55:00Z
2
value 0.0034
scoring_system epss
scoring_elements 0.56761
published_at 2026-04-12T12:55:00Z
3
value 0.0034
scoring_system epss
scoring_elements 0.56784
published_at 2026-04-11T12:55:00Z
4
value 0.0034
scoring_system epss
scoring_elements 0.56775
published_at 2026-04-09T12:55:00Z
5
value 0.0034
scoring_system epss
scoring_elements 0.56771
published_at 2026-04-08T12:55:00Z
6
value 0.0034
scoring_system epss
scoring_elements 0.56719
published_at 2026-04-07T12:55:00Z
7
value 0.0034
scoring_system epss
scoring_elements 0.56741
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31091
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml
17
reference_url https://github.com/guzzle/guzzle
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/guzzle
18
reference_url https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/
url https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
19
reference_url https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/
url https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31091
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31091
21
reference_url https://www.debian.org/security/2022/dsa-5246
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/
url https://www.debian.org/security/2022/dsa-5246
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
reference_id 1014492
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014492
23
reference_url https://security.archlinux.org/AVG-2823
reference_id AVG-2823
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2823
24
reference_url https://github.com/advisories/GHSA-q559-8m2m-g699
reference_id GHSA-q559-8m2m-g699
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q559-8m2m-g699
25
reference_url https://security.gentoo.org/glsa/202305-24
reference_id GLSA-202305-24
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:47Z/
url https://security.gentoo.org/glsa/202305-24
fixed_packages
0
url pkg:composer/guzzlehttp/guzzle@6.5.8
purl pkg:composer/guzzlehttp/guzzle@6.5.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.5.8
1
url pkg:composer/guzzlehttp/guzzle@7.4.5
purl pkg:composer/guzzlehttp/guzzle@7.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@7.4.5
aliases CVE-2022-31091, GHSA-q559-8m2m-g699, GMS-2022-2529
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzqf-k99e-vbeu
5
url VCID-zawz-vky5-tkgt
vulnerability_id VCID-zawz-vky5-tkgt
summary 
Improper Access Control
PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1609.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1609.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1610.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1610.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1611.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1611.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-1612.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1612.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-1613.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1613.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5385
reference_id
reference_type
scores
0
value 0.81346
scoring_system epss
scoring_elements 0.99162
published_at 2026-04-01T12:55:00Z
1
value 0.81346
scoring_system epss
scoring_elements 0.9917
published_at 2026-04-12T12:55:00Z
2
value 0.81346
scoring_system epss
scoring_elements 0.99168
published_at 2026-04-07T12:55:00Z
3
value 0.81346
scoring_system epss
scoring_elements 0.99169
published_at 2026-04-13T12:55:00Z
4
value 0.81346
scoring_system epss
scoring_elements 0.99163
published_at 2026-04-02T12:55:00Z
5
value 0.81346
scoring_system epss
scoring_elements 0.99165
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5385
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1353794
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1353794
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297
19
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20
reference_url https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
reference_id
reference_type
scores
url https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
21
reference_url https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
reference_id
reference_type
scores
url https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
22
reference_url https://github.com/bugsnag/bugsnag-laravel/pull/143
reference_id
reference_type
scores
url https://github.com/bugsnag/bugsnag-laravel/pull/143
23
reference_url https://github.com/bugsnag/bugsnag-laravel/pull/145
reference_id
reference_type
scores
url https://github.com/bugsnag/bugsnag-laravel/pull/145
24
reference_url https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
reference_id
reference_type
scores
url https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
25
reference_url https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
26
reference_url https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
27
reference_url https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
28
reference_url https://github.com/guzzle/guzzle/releases/tag/6.2.1
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/releases/tag/6.2.1
29
reference_url https://github.com/humbug/file_get_contents/pull/23
reference_id
reference_type
scores
url https://github.com/humbug/file_get_contents/pull/23
30
reference_url https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
reference_id
reference_type
scores
url https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
31
reference_url https://github.com/humbug/file_get_contents/releases/tag/1.1.2
reference_id
reference_type
scores
url https://github.com/humbug/file_get_contents/releases/tag/1.1.2
32
reference_url https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
33
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
34
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
35
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
36
reference_url https://httpoxy.org/
reference_id
reference_type
scores
url https://httpoxy.org/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
42
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
43
reference_url https://security.gentoo.org/glsa/201611-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201611-22
44
reference_url https://twitter.com/asyncphp/status/755136084917583872
reference_id
reference_type
scores
url https://twitter.com/asyncphp/status/755136084917583872
45
reference_url https://typo3.org/security/advisory/typo3-core-sa-2016-019
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2016-019
46
reference_url https://www.drupal.org/SA-CORE-2016-003
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-003
47
reference_url http://www.debian.org/security/2016/dsa-3631
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3631
48
reference_url http://www.kb.cert.org/vuls/id/797896
reference_id
reference_type
scores
url http://www.kb.cert.org/vuls/id/797896
49
reference_url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
50
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
51
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
52
reference_url http://www.securityfocus.com/bid/91821
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91821
53
reference_url http://www.securitytracker.com/id/1036335
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036335
54
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5385
reference_id CVE-2016-5385
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5385
55
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
56
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
57
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
58
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
59
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
60
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
61
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
62
reference_url https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
reference_id GHSA-m6ch-gg5f-wxx3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
63
reference_url https://access.redhat.com/errata/RHSA-2016:1609
reference_id RHSA-2016:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1609
64
reference_url https://access.redhat.com/errata/RHSA-2016:1610
reference_id RHSA-2016:1610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1610
65
reference_url https://access.redhat.com/errata/RHSA-2016:1611
reference_id RHSA-2016:1611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1611
66
reference_url https://access.redhat.com/errata/RHSA-2016:1612
reference_id RHSA-2016:1612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1612
67
reference_url https://access.redhat.com/errata/RHSA-2016:1613
reference_id RHSA-2016:1613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1613
68
reference_url https://usn.ubuntu.com/3045-1/
reference_id USN-3045-1
reference_type
scores
url https://usn.ubuntu.com/3045-1/
fixed_packages
0
url pkg:composer/guzzlehttp/guzzle@4.2.4
purl pkg:composer/guzzlehttp/guzzle@4.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-674z-nf4t-b7ez
1
vulnerability VCID-9exs-x5s1-4bhg
2
vulnerability VCID-9xyz-wzr8-wqhz
3
vulnerability VCID-nwsr-ruca-2kha
4
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@4.2.4
1
url pkg:composer/guzzlehttp/guzzle@5.3.1
purl pkg:composer/guzzlehttp/guzzle@5.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-674z-nf4t-b7ez
1
vulnerability VCID-9exs-x5s1-4bhg
2
vulnerability VCID-9xyz-wzr8-wqhz
3
vulnerability VCID-nwsr-ruca-2kha
4
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@5.3.1
2
url pkg:composer/guzzlehttp/guzzle@6.2.1
purl pkg:composer/guzzlehttp/guzzle@6.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-674z-nf4t-b7ez
1
vulnerability VCID-9exs-x5s1-4bhg
2
vulnerability VCID-9xyz-wzr8-wqhz
3
vulnerability VCID-nwsr-ruca-2kha
4
vulnerability VCID-wzqf-k99e-vbeu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.2.1
aliases CVE-2016-5385, GHSA-m6ch-gg5f-wxx3
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zawz-vky5-tkgt
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@4.1.6