Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1?distro=trixie
Typedeb
Namespacedebian
Namephp-guzzlehttp-psr7
Version2.4.5-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.7.1-1
Latest_non_vulnerable_version2.9.0-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4tr3-8z2d-5fh6
vulnerability_id VCID-4tr3-8z2d-5fh6
summary 
Interpretation Conflict
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29197
reference_id
reference_type
scores
0
value 0.02291
scoring_system epss
scoring_elements 0.84675
published_at 2026-04-07T12:55:00Z
1
value 0.02291
scoring_system epss
scoring_elements 0.84711
published_at 2026-04-13T12:55:00Z
2
value 0.02291
scoring_system epss
scoring_elements 0.84718
published_at 2026-04-12T12:55:00Z
3
value 0.02291
scoring_system epss
scoring_elements 0.84722
published_at 2026-04-11T12:55:00Z
4
value 0.02291
scoring_system epss
scoring_elements 0.84704
published_at 2026-04-09T12:55:00Z
5
value 0.02291
scoring_system epss
scoring_elements 0.84653
published_at 2026-04-02T12:55:00Z
6
value 0.02291
scoring_system epss
scoring_elements 0.84673
published_at 2026-04-04T12:55:00Z
7
value 0.02291
scoring_system epss
scoring_elements 0.84697
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29197
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2023-29197.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2023-29197.yaml
4
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
5
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00028.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/12/msg00028.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/
10
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034581
reference_id 1034581
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034581
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034597
reference_id 1034597
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034597
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29197
reference_id CVE-2023-29197
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29197
14
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
15
reference_url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
reference_id GHSA-wxmh-65f7-jcvw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
16
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
reference_id GHSA-wxmh-65f7-jcvw
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
17
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
18
reference_url https://usn.ubuntu.com/6671-1/
reference_id USN-6671-1
reference_type
scores
url https://usn.ubuntu.com/6671-1/
fixed_packages
0
url pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1%3Fdistro=trixie
2
url pkg:deb/debian/php-guzzlehttp-psr7@2.7.1-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@2.7.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.7.1-1%3Fdistro=trixie
3
url pkg:deb/debian/php-guzzlehttp-psr7@2.9.0-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@2.9.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.9.0-1%3Fdistro=trixie
aliases CVE-2023-29197, GHSA-wxmh-65f7-jcvw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tr3-8z2d-5fh6
1
url VCID-wbuz-qcp3-43aq
vulnerability_id VCID-wbuz-qcp3-43aq
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
reference_id
reference_type
scores
0
value 0.00933
scoring_system epss
scoring_elements 0.76084
published_at 2026-04-02T12:55:00Z
1
value 0.00933
scoring_system epss
scoring_elements 0.7614
published_at 2026-04-13T12:55:00Z
2
value 0.00933
scoring_system epss
scoring_elements 0.76143
published_at 2026-04-12T12:55:00Z
3
value 0.00933
scoring_system epss
scoring_elements 0.76167
published_at 2026-04-11T12:55:00Z
4
value 0.00933
scoring_system epss
scoring_elements 0.76142
published_at 2026-04-09T12:55:00Z
5
value 0.00933
scoring_system epss
scoring_elements 0.76128
published_at 2026-04-08T12:55:00Z
6
value 0.00933
scoring_system epss
scoring_elements 0.76095
published_at 2026-04-07T12:55:00Z
7
value 0.00933
scoring_system epss
scoring_elements 0.76116
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24775
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml
3
reference_url https://github.com/guzzle/psr7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/guzzle/psr7
4
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
5
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
6
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://www.drupal.org/sa-core-2022-006
7
reference_url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id 1008236
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
10
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
11
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
12
reference_url https://usn.ubuntu.com/6670-1/
reference_id USN-6670-1
reference_type
scores
url https://usn.ubuntu.com/6670-1/
fixed_packages
0
url pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@1.7.0-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/php-guzzlehttp-psr7@1.8.5-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@1.8.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@1.8.5-1%3Fdistro=trixie
3
url pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1%3Fdistro=trixie
4
url pkg:deb/debian/php-guzzlehttp-psr7@2.7.1-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@2.7.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.7.1-1%3Fdistro=trixie
5
url pkg:deb/debian/php-guzzlehttp-psr7@2.9.0-1?distro=trixie
purl pkg:deb/debian/php-guzzlehttp-psr7@2.9.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.9.0-1%3Fdistro=trixie
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbuz-qcp3-43aq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/php-guzzlehttp-psr7@2.4.5-1%3Fdistro=trixie