Composer wont install because of vulnerabilities
ignacio-dev opened this issue · comments
Composer fails installing, audit throws this message:
+-------------------+----------------------------------------------------------------------------------+
| Package | guzzlehttp/guzzle |
| CVE | CVE-2022-31091 |
| Title | Change in port should be considered a change in origin |
| URL | https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699 |
| Affected versions | >=7,<7.4.5|>=4,<6.5.8 |
| Reported at | 2022-06-20T22:24:00+00:00 |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package | guzzlehttp/guzzle |
| CVE | CVE-2022-31090 |
| Title | CURLOPT_HTTPAUTH option not cleared on change of origin |
| URL | https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r |
| Affected versions | >=7,<7.4.5|>=4,<6.5.8 |
| Reported at | 2022-06-20T22:24:00+00:00 |