Project: Drupal coreDate: 2022-June-10Security risk: Moderately critical 13∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Third-party librariesCVE IDs: CVE-2022-31042CVE-2022-31043Description: Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories:Failure to strip the Cookie header on change in host or HTTP downgradeFix failure to strip Authorization header on
More info:
https://www.drupal.org/sa-core-2022-011
Artículo de publicado en http://www.ccn-cert.cni.es/component/vulnerabilidades/view/33523.html