[HIGH] CURLOPT_HTTPAUTH option not cleared on change of origin

PKSA-k1b4-kshy-xgbh CVE-2022-31090 GHSA-25mq-v84q-4j7r

Affected version: >=7,<7.4.5|>=4,<6.5.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Change in port should be considered a change in origin

PKSA-yfw5-9gnj-n2c7 CVE-2022-31091 GHSA-q559-8m2m-g699

Affected version: >=7,<7.4.5|>=4,<6.5.8

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Failure to strip the Cookie header on change in host or HTTP downgrade

PKSA-fvw5-9t6n-nwvr CVE-2022-31042 GHSA-f2wf-25xc-69c9

Affected version: >=7,<7.4.4|>=4,<6.5.7

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Fix failure to strip Authorization header on HTTP downgrade

PKSA-2z36-j4q9-rsfy CVE-2022-31043 GHSA-w248-ffj2-4v5q

Affected version: >=7,<7.4.4|>=4,<6.5.7

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Cross-domain cookie leakage

PKSA-6d8m-6kgw-18zr CVE-2022-29248 GHSA-cwmx-hcrq-mhc3

Affected version: >=7,<7.4.3|>=4,<6.5.6

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] HTTP Proxy header vulnerability

PKSA-stmn-hvzq-wph6 CVE-2016-5385 GHSA-m6ch-gg5f-wxx3

Affected version: >=6,<6.2.1|>=4.0.0-rc2,<4.2.4|>=5,<5.3.1

Reported by:
GitHub, FriendsOfPHP/security-advisories