Unvalidated Follow redirects in guzzle/guzzle
May 25th 2022
There is a class of vulnerability in the follow-redirects feature of HTTP clients, and Guzzle is also affected by it.
If a developer fetches a URL on a third-party host and that URL redirects to another URL, the cookies the developer set on the first request are disclosed to the final host. This is a security issue: Guzzle should not send the Cookie header in a redirected request.
Proof of Concept
The cookies and other important HTTP headers can be leaked to another party, or even to an attacker (e.g. when the third-party site has an open redirect).
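The leak and its mitigation, modelled in Python as an added example (this is not Guzzle's code and not the advisory's proof of concept): a small redirect follower run against a constructed, in-memory set of responses. With strip_on_cross_host=False it behaves like the vulnerable client and replays the Cookie and Authorization headers that were set for third-party.example to whichever host the redirect points at; with strip_on_cross_host=True it drops those headers as soon as the redirect target's scheme, host or port differs from the current request's, while a same-host redirect keeps them. All host names, paths and header values are constructed.

```python
from dataclasses import dataclass
from urllib.parse import urljoin, urlparse

# Headers that carry credentials for one host and must not ride along on a
# redirect to a different host.
SENSITIVE_HEADERS = ("cookie", "authorization")
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


@dataclass
class Response:
    status: int
    headers: dict
    body: str = ""


# Constructed in-memory "network" standing in for real servers (hypothetical hosts).
FAKE_NETWORK = {
    # The third party redirects off-site (e.g. an open redirect).
    "https://third-party.example/resource": Response(
        302, {"Location": "https://final-host.example/collect"}),
    "https://final-host.example/collect": Response(200, {}, "final host"),
    # A relative redirect that stays on the same host.
    "https://third-party.example/go": Response(302, {"Location": "/final"}),
    "https://third-party.example/final": Response(200, {}, "same host"),
}


def origin(url):
    """Return (scheme, host, port) with default ports filled in, for comparison."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, p.hostname, port)


def follow(url, headers, strip_on_cross_host, max_redirects=5, fetch=None):
    """Follow redirects starting at url.

    Returns (final_url, headers_sent_to_final_host, hops). The vulnerable
    behaviour is strip_on_cross_host=False: every header set for the first
    request is replayed to whichever host the redirect chain ends on.
    """
    fetch = fetch or FAKE_NETWORK.__getitem__
    headers = {k.lower(): v for k, v in headers.items()}
    hops = [url]
    for _ in range(max_redirects + 1):
        resp = fetch(url)
        if resp.status not in REDIRECT_STATUSES:
            return url, headers, hops
        target = urljoin(url, resp.headers["Location"])
        if strip_on_cross_host and origin(target) != origin(url):
            # The credentials were scoped to the original host; drop them
            # before sending anything to the new one.
            headers = {k: v for k, v in headers.items() if k not in SENSITIVE_HEADERS}
        url = target
        hops.append(url)
    raise RuntimeError("too many redirects")


def credentials_reach_final_host(start, strip_on_cross_host):
    """Which credential headers did the host at the end of the chain receive?"""
    sent = {
        "Cookie": "session=secret-for-third-party",       # constructed value
        "Authorization": "Bearer token-for-third-party",  # constructed value
    }
    final_url, received, _hops = follow(start, sent, strip_on_cross_host)
    return final_url, sorted(h for h in SENSITIVE_HEADERS if h in received)


if __name__ == "__main__":
    for strip in (False, True):
        print("strip_on_cross_host =", strip,
              credentials_reach_final_host("https://third-party.example/resource", strip))
```

The comparison is done on the full origin (scheme, host, port with defaults filled in) rather than on the host name alone, so a downgrade from https to http on the same host also counts as leaving the original host and strips the credentials.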