CVE-2022-24775

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-24775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24775
Aliases
Downstream
Published
2022-03-21T19:00:17Z
Modified
2026-04-02T07:54:13.997430Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Improper Input Validation in guzzlehttp/psr7
Details

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24775.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
35c2f3ca5c935f3d8bde15932a712677c9bbd50f
Fixed
7dedb70d1d4d58709908dc6c665c322ed47e4744
Introduced
698ee686c23de8c97d7e0601cf745b220d54f4e1
Fixed
cce59c58baffd5b1f31102b480e0dd33c2d56f43
Database specific 
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "9.2.16"
        },
        {
            "introduced": "9.3.0"
        },
        {
            "fixed": "9.3.9"
        }
    ]
}

Affected versions

10.*
10.0.0
10.0.0-alpha1
10.0.0-alpha2
10.0.0-alpha3
10.0.0-alpha4
10.0.0-alpha5
10.0.0-alpha6
10.0.0-alpha7
10.0.0-beta1
10.0.0-beta2
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.1
10.0.10
10.0.11
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.0-alpha1
10.1.0-beta1
10.1.0-rc1
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.2.0
10.2.0-alpha1
10.2.0-beta1
10.2.0-rc1
10.2.1
10.2.10
10.2.11
10.2.12
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.2.8
10.2.9
10.3.0
10.3.0-beta1
10.3.0-rc1
10.3.1
10.3.10
10.3.11
10.3.12
10.3.13
10.3.14
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8
10.3.9
10.4.0
10.4.0-beta1
10.4.0-rc1
10.4.1
10.4.2
10.4.3
10.4.4
10.4.5
10.4.6
10.4.7
10.4.8
10.4.9
10.5.0
10.5.0-beta1
10.5.0-rc1
10.5.1
10.5.2
10.5.3
10.5.4
10.5.5
10.5.6
10.5.7
10.5.8
10.6.0
10.6.0-beta1
10.6.0-rc1
10.6.1
10.6.2
10.6.3
10.6.4
10.6.5
11.*
11.0.0
11.0.0-alpha1
11.0.0-beta1
11.0.0-rc1
11.0.1
11.0.10
11.0.11
11.0.12
11.0.13
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
11.0.8
11.0.9
11.1.0
11.1.0-beta1
11.1.0-rc1
11.1.1
11.1.2
11.1.3
11.1.4
11.1.5
11.1.6
11.1.7
11.1.8
11.1.9
11.2.0
11.2.0-alpha1
11.2.0-beta1
11.2.0-rc1
11.2.0-rc2
11.2.1
11.2.10
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7
11.2.8
11.2.9
11.3.0
11.3.0-alpha1
11.3.0-beta1
11.3.0-rc1
11.3.0-rc2
11.3.1
11.3.2
11.3.3
11.3.4
11.3.5
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.1.0
8.1.0-beta1
8.1.0-beta2
8.1.0-rc1
8.1.1
8.1.10
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.1.9
8.2.0
8.2.0-beta1
8.2.0-beta2
8.2.0-beta3
8.2.0-rc1
8.2.0-rc2
8.2.1
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.2.7
8.2.8
8.3.0
8.3.0-alpha1
8.3.0-beta1
8.3.0-rc1
8.3.0-rc2
8.3.1
8.3.2
8.3.3
8.3.4
8.3.5
8.3.6
8.3.7
8.3.8
8.3.9
8.4.0
8.4.0-alpha1
8.4.0-beta1
8.4.0-rc1
8.4.0-rc2
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.4.6
8.4.7
8.4.8
8.5.0
8.5.0-alpha1
8.5.0-beta1
8.5.0-rc1
8.5.1
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.7
8.5.8
8.5.9
8.6.0
8.6.0-alpha1
8.6.0-beta1
8.6.0-beta2
8.6.0-rc1
8.6.1
8.6.10
8.6.11
8.6.12
8.6.13
8.6.14
8.6.15
8.6.16
8.6.17
8.6.18
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.6.9
8.7.0
8.7.0-alpha1
8.7.0-alpha2
8.7.0-beta1
8.7.0-beta2
8.7.0-rc1
8.7.1
8.7.10
8.7.11
8.7.12
8.7.13
8.7.14
8.7.2
8.7.3
8.7.4
8.7.5
8.7.6
8.7.7
8.7.8
8.7.9
8.8.0
8.8.0-alpha1
8.8.0-beta1
8.8.0-rc1
8.8.1
8.8.10
8.8.11
8.8.12
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.8.7
8.8.8
8.8.9
8.9.0
8.9.0-beta1
8.9.0-beta2
8.9.0-beta3
8.9.0-rc1
8.9.1
8.9.10
8.9.11
8.9.12
8.9.13
8.9.14
8.9.15
8.9.16
8.9.17
8.9.18
8.9.19
8.9.2
8.9.20
8.9.3
8.9.4
8.9.5
8.9.6
8.9.7
8.9.8
8.9.9
9.*
9.0.0
9.0.0-alpha1
9.0.0-alpha2
9.0.0-beta1
9.0.0-beta2
9.0.0-beta3
9.0.0-rc1
9.0.1
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.2
9.0.3
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.9
9.1.0
9.1.0-alpha1
9.1.0-beta1
9.1.0-rc1
9.1.0-rc2
9.1.0-rc3
9.1.1
9.1.10
9.1.11
9.1.12
9.1.13
9.1.14
9.1.15
9.1.2
9.1.3
9.1.4
9.1.5
9.1.6
9.1.7
9.1.8
9.1.9
9.2.0
9.2.0-alpha1
9.2.0-beta1
9.2.0-beta2
9.2.0-beta3
9.2.0-rc1
9.2.1
9.2.10
9.2.11
9.2.12
9.2.13
9.2.14
9.2.15
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.8
9.2.9
9.3.0
9.3.0-alpha1
9.3.0-beta1
9.3.0-beta2
9.3.0-beta3
9.3.0-rc1
9.3.1
9.3.2
9.3.3
9.3.4
9.3.5
9.3.6
9.3.7
9.3.8
9.4.0
9.4.0-alpha1
9.4.0-beta1
9.4.0-rc1
9.4.0-rc2
9.4.1
9.4.10
9.4.11
9.4.12
9.4.13
9.4.14
9.4.15
9.4.2
9.4.3
9.4.4
9.4.5
9.4.6
9.4.7
9.4.8
9.4.9
9.5.0
9.5.0-beta1
9.5.0-beta2
9.5.0-rc1
9.5.0-rc2
9.5.1
9.5.10
9.5.11
9.5.2
9.5.3
9.5.4
9.5.5
9.5.6
9.5.7
9.5.8
9.5.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24775.json"

Git / github.com/guzzle/psr7

Affected ranges

Type
GIT
Repo
https://github.com/guzzle/psr7
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
902db15a551a4a415e732b622282e21ce1b508b4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/guzzle/psr7
Events
Introduced
1dc8d9cba3897165e16d12bb13d813afb1eb3fe7
Fixed
53491b6394cdcb66880063b82c0b16cf082711eb
Database specific 
{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.1.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.7.0
1.8.0
1.8.1
1.8.2
1.8.3
2.*
2.0.0
2.0.0-beta1
2.0.0-rc1
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.3.0
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.6.3
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24775.json"