
Drupal Third-party Library Information Disclosure Vulnerabilities (SA-CORE-2022-011) - Windows

CVE-2022-31042, CVE-2022-31043

Severity
CVSSv3 Score: 7.5
Vulnerability description

Drupal is prone to multiple vulnerabilities in the third-party Guzzle library.

Risk description

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories:

- Failure to strip the Cookie header on change in host or HTTP downgrade
- Fix failure to strip Authorization header on HTTP downgrade

These do not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites.

Recommendation

Update to version 9.2.21, 9.3.16 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jun 10, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available