0007479: EE: package guzzlehttp/psr-7 2.4.3 has security flaws

ID	Project	Category	View Status	Date Submitted	Last Update

0007479	OXID eShop (all versions)	4.04. Security	public	2023-06-06 09:44	2023-08-01 09:38

Reporter	michael_keiluweit	Assigned To
Priority	high	Severity	major	Reproducibility	always
Status	resolved	Resolution	open
Product Version	6.5.2
Fixed in Version	6.5.3

Summary	0007479: EE: package guzzlehttp/psr-7 2.4.3 has security flaws
Description	In EE 6.5.2 metapackage we have a requirement for guzzlehttp/psr7 version 2.4.3 which has security issues Initial: NVD - CVE-2022-24775 Follow Up: NVD - CVE-2023-29197 This dependency comes into metapackage because of unzer module ("oxid-esales/unzer": "v1.0.1").
Tags	Security

Theme	Not defined
Browser	Not defined
PHP Version	Not defined
Database Version	Not defined

michael_keiluweit 2023-06-06 09:45 administrator ~0015208	https://github.com/OXID-eSales/oxideshop_metapackage_ee/blob/v6.5.2/composer.json#L16