Name of the Vulnerable Software and Affected Versions: amphp/http-client (affected versions not specified)

Description: The issue is related to a security weakness that may cause sensitive request headers to leak from the initial request to the redirected host during cross-domain redirects. This happens because the headers were not removed correctly. The Message::setHeaders function does not replace the entire set of headers but only operates on the headers matching the given array keys.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.