GHSA-8jp9-mpv9-98rj

Published: 15 May 2024
Source: github
Github: Reviewed
CVSS3: 4

Description

amphp/http-client Header leakage on cross-domain redirects

amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, because those headers were not removed correctly. Message::setHeaders does not replace the entire set of headers; it only operates on the headers matching the given array keys.
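The merge behaviour described above, as an added example that is not code from amphp/http-client: a simplified header store in which `setHeaders` only touches the keys it is given, so filtering a copied request down to an allow-list leaves `Authorization` on the redirected request, while a full replacement drops it. `HeaderBag`, `replaceHeaders`, `redirectHeaderNames` and `SAFE_ON_REDIRECT` are hypothetical names, and the request values are constructed.

```php
<?php
// Simplified model of a message's header storage; not amphp's source code.
final class HeaderBag
{
    /** @var array<string, string[]> lower-cased header name => values */
    private array $headers = [];

    // Merge semantics as the advisory describes: only the given keys change.
    public function setHeaders(array $headers): void
    {
        foreach ($headers as $name => $value) {
            $this->headers[strtolower($name)] = (array) $value;
        }
    }

    // Hypothetical helper: drop every existing header, then set the given ones.
    public function replaceHeaders(array $headers): void
    {
        $this->headers = [];
        $this->setHeaders($headers);
    }

    public function getHeaders(): array
    {
        return $this->headers;
    }
}

// Constructed allow-list of headers treated as safe to forward to another host.
const SAFE_ON_REDIRECT = ['accept', 'user-agent'];

// Builds the follow-up request's header names for a cross-domain redirect.
function redirectHeaderNames(HeaderBag $original, bool $replace): array
{
    $next = clone $original; // the redirect request starts as a copy
    $kept = array_intersect_key($original->getHeaders(), array_flip(SAFE_ON_REDIRECT));
    if ($replace) {
        $next->replaceHeaders($kept);
    } else {
        $next->setHeaders($kept); // filtered-out headers stay on the copy
    }
    return array_keys($next->getHeaders());
}

$request = new HeaderBag(); // constructed sample request
$request->setHeaders(['Accept' => '*/*', 'Authorization' => 'Bearer sample-token']);

echo implode(', ', redirectHeaderNames($request, false)), PHP_EOL; // merge path
echo implode(', ', redirectHeaderNames($request, true)), PHP_EOL;  // replace path
```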

Packages

Name: amphp/http-client (composer)
Affected versions: >= 4.0.0, < 4.4.0
Fixed version: 4.4.0

CVSS3: 4 Medium
