CVE-2023-29197

CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (n) into both the header names and values. While the specification states that rnrn is used to terminate the header list, many servers in the wild will also accept nn. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.

Source: CVE-2023-29197

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다