Report
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. Some WordPress plugins and themes use this dependency though that doesn’t necessarily mean the plugin itself is vulnerable to exploitation.
Score:7.5
Severity:High
Version:8.0.0-9.2.15,9.3.0-9.3.8
There is a patch available in v9.2.16,9.3.9 and we strongly recommend you update to this version as soon as possible.
