{"url":"http://public2.vulnerablecode.io/api/packages/539529?format=json","purl":"pkg:composer/drupal/core@9.2.11","type":"composer","namespace":"drupal","name":"core","version":"9.2.11","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.38.0","latest_non_vulnerable_version":"11.3.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173496?format=json","vulnerability_id":"VCID-ed3c-h2ww-j3gm","summary":"guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24775","reference_id":"","reference_type":"","scores":[{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775"},{"reference_url":"https://github.com/guzzle/psr7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guzzle/psr7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236","reference_id":"1008236","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236"},{"reference_url":"https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc","reference_id":"9a96d9db668b485361ed9de7b5bf1e54895df1dc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24775","reference_id":"CVE-2022-24775","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24775"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml","reference_id":"CVE-2022-24775.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml"},{"reference_url":"https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1","reference_id":"e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1"},{"reference_url":"https://github.com/advisories/GHSA-q7rv-6hp3-vh96","reference_id":"GHSA-q7rv-6hp3-vh96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q7rv-6hp3-vh96"},{"reference_url":"https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96","reference_id":"GHSA-q7rv-6hp3-vh96","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96"},{"reference_url":"https://www.drupal.org/sa-core-2022-006","reference_id":"sa-core-2022-006","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/"}],"url":"https://www.drupal.org/sa-core-2022-006"},{"reference_url":"https://usn.ubuntu.com/6670-1/","reference_id":"USN-6670-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6670-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392283?format=json","purl":"pkg:composer/drupal/core@9.2.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/545275?format=json","purl":"pkg:composer/drupal/core@9.3.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/392284?format=json","purl":"pkg:composer/drupal/core@9.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/545278?format=json","purl":"pkg:composer/drupal/core@10.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1"}],"aliases":["CVE-2022-24775","GHSA-q7rv-6hp3-vh96"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3c-h2ww-j3gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208224?format=json","vulnerability_id":"VCID-sdue-15dg-4ugt","summary":"Incorrect authorization in Drupal core","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25270","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49088","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25270"},{"reference_url":"https://www.drupal.org/sa-core-2022-004","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2022-004"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25270","reference_id":"CVE-2022-25270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25270"},{"reference_url":"https://github.com/advisories/GHSA-73q4-j324-2qcc","reference_id":"GHSA-73q4-j324-2qcc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73q4-j324-2qcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19448?format=json","purl":"pkg:composer/drupal/core@9.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ed3c-h2ww-j3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/19451?format=json","purl":"pkg:composer/drupal/core@9.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-wcjd-ht3x-77e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6"}],"aliases":["CVE-2022-25270","GHSA-73q4-j324-2qcc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdue-15dg-4ugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208226?format=json","vulnerability_id":"VCID-yjm8-gadp-jkhr","summary":"Improper input validation in Drupal core","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25271","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58211","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25271"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"},{"reference_url":"https://www.drupal.org/sa-core-2022-003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2022-003"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25271","reference_id":"CVE-2022-25271","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25271"},{"reference_url":"https://github.com/advisories/GHSA-fmfv-x8mp-5767","reference_id":"GHSA-fmfv-x8mp-5767","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fmfv-x8mp-5767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19448?format=json","purl":"pkg:composer/drupal/core@9.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ed3c-h2ww-j3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/19451?format=json","purl":"pkg:composer/drupal/core@9.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ed3c-h2ww-j3gm"},{"vulnerability":"VCID-wcjd-ht3x-77e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6"}],"aliases":["CVE-2022-25271","GHSA-fmfv-x8mp-5767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjm8-gadp-jkhr"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.11"}