Skip to content

Improper Input Validation in nyholm/psr7

Moderate
Nyholm published GHSA-wjfc-pgfp-pv9c Apr 17, 2023

Package

composer nyholm/psr7 (Composer)

Affected versions

<=1.6

Patched versions

1.6.1

Description

Impact

Improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n.

Patches

The issue is patched in 1.6.1.

Workarounds

There are no known workarounds.

References

Severity

Moderate

CVE ID

CVE-2023-29197

Weaknesses

No CWEs