Vulnerability Database
296,746
Total vulnerabilities in the database
Improper Input Validation in nyholm/psr7
Impact
Improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n.
Patches
The issue is patched in 1.6.1.
Workarounds
There are no known workarounds.
References
- https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4
| Software | From | Fixed in |
|---|---|---|
nyholm / psr7
|
- | 1.6.1 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/nyholm/psr7/2023-04-17.yaml
- https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
- https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
- https://github.com/Nyholm/psr7/security/advisories/GHSA-wjfc-pgfp-pv9c
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime