<p>Upgrade <code>amphp/http-client</code> to version 4.4.0 or higher.</p>

=4.0.0, <4.4.0

Snyk CVSS

Attack Complexity Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-AMPHPHTTPCLIENT-572475
published 17 Jun 2020
disclosed 17 Jun 2020
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 17 Jun 2020

CWE-200 Open this link in a new tab

How to fix?

Upgrade amphp/http-client to version 4.4.0 or higher.

Overview

amphp/http-client is an asynchronous concurrent HTTP/2 and HTTP/1.1 client built on the Amp concurrency framework.

Affected versions of this package are vulnerable to Information Exposure. Sensitive request headers from the initial request could be sent to the redirected host on cross-domain redirects, which were not removed correctly.

References

GitHub Commit
GitHub Release