Mayela

**Name of the Vulnerable Software and Affected Versions** Guzzle versions prior to 6.5.6 and 7.4.3 **Description** The issue is related to the cookie middleware in Guzzle, a PHP HTTP client. It does not check if the cookie domain equals the domain of the server that sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. This affects users who manually add the cookie middleware to the handler stack or construct the client with `['cookies' => true]`. Users who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected. **Recommendations** For versions prior to 6.5.6, upgrade to version 6.5.6. For versions prior to 7.4.3, upgrade to version 7.4.3. As a temporary workaround, consider turning off the cookie middleware.