漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper header name validation in guzzlehttp/psr7
Vulnerability Description
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
解释冲突
Vulnerability Title
PSR-7 Message Implementation 安全漏洞
Vulnerability Description
PSR-7 Message Implementation是一个完整的 PSR-7 消息实现。 PSR-7 Message Implementation 存在安全漏洞,该漏洞源于存在不正确的标头解析问题,攻击者利用该漏洞可以在标头名称和值中加入换行符。
CVSS Information
N/A
Vulnerability Type
N/A