📦 Guzzle

Guzzle PHP HTTP client versions before 6.5.8 and 7.4.5 leak Authorization headers during cross-origin redirects when using the cURL handler. This exposes authentication credentials to unintended third...

Guzzle HTTP client versions before 6.5.7 and 7.4.4 expose sensitive cookie information during HTTP redirects. When a request to an HTTPS server redirects to HTTP or to a different host, manually added...

Guzzle PHP HTTP client versions prior to 6.5.6 and 7.4.3 have a cookie domain validation vulnerability that allows malicious servers to set cookies for unrelated domains. Only applications that manual...