Security Advisory

CVE-2025-21617

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-06 19:23:23
Last updated 2025-01-06 19:42:17
Assigner GitHub_M
State PUBLISHED

Description

Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1.