First published: Thu Feb 29 2024(Updated: )
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/php-guzzlehttp-psr7 | <1.8.3-1ubuntu0.1~esm1 | 1.8.3-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/php-guzzlehttp-psr7 | <1.4.2-0.1+deb10u2build0.20.04.1 | 1.4.2-0.1+deb10u2build0.20.04.1 |
Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of USN-6670-1 is categorized as a potential HTTP header injection vulnerability.
To fix USN-6670-1, you should update the php-guzzlehttp-psr7 package to version 1.8.3-1ubuntu0.1~esm1 for Ubuntu 22.04 or version 1.4.2-0.1+deb10u2build0.20.04.1 for Ubuntu 20.04.
USN-6670-1 affects the php-guzzlehttp-psr7 package on Ubuntu versions 20.04 and 22.04.
Yes, a remote attacker could potentially exploit USN-6670-1 to perform an HTTP header injection attack.
The potential impacts of USN-6670-1 include unauthorized actions or data breaches resulting from HTTP header injection.