Impact
Guzzle Services (guzzlehttp/guzzle-services) serializes scalar XML element values by wrapping them in CDATA sections without escaping the CDATA terminator. When an attacker supplies a value containing `]]>`, the CDATA section ends early and the remainder of the value is parsed as XML markup. The attacker can therefore inject new elements or change the structure of the request body, which may alter how the downstream service interprets the operation: smuggling privileged fields, crossing parameter boundaries, or producing duplicate elements. The weakness maps to CWE-20 (Improper Input Validation) and CWE-91 (XML Injection). It is an integrity issue in the outgoing request body only; no response parsing is involved, so it does not by itself give code execution on the sending host. Any injected XML can still cause unintended behavior in the receiving service.
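The following added example (not code from guzzle-services or the advisory) reproduces the mechanism above with a minimal serializer: one function wraps the value in CDATA without handling `]]>`, a second splits the terminator across two CDATA sections, which is the standard way to keep it literal and is shown here as an illustration of the general fix rather than the library's own patch. The request body (`CreateUser`, `Name`, `Role`) and the attacker payload are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

CDATA_END = "]]>"


def cdata_vulnerable(value: str) -> str:
    """Wrap a scalar value in a CDATA section with no handling of ']]>'.

    This mirrors the flaw: a terminator inside the value ends the section
    early and everything after it is parsed as markup.
    """
    return f"<![CDATA[{value}]]>"


def cdata_hardened(value: str) -> str:
    """Split every ']]>' across two CDATA sections (']]' then '>').

    The literal text survives intact and no markup can escape the section.
    Illustration of the general fix, not the library's own change.
    """
    return "<![CDATA[" + value.replace(CDATA_END, "]]]]><![CDATA[>") + "]]>"


def build_request(name: str, wrap) -> str:
    """Hypothetical operation body: a single 'xml'-located scalar element
    <Name> whose text comes from untrusted input, plus a fixed <Role>."""
    return f"<CreateUser><Name>{wrap(name)}</Name><Role>user</Role></CreateUser>"


def parse(body: str) -> dict:
    """Parse the body as the downstream service would and report its shape."""
    root = ET.fromstring(body)
    return {
        "children": [child.tag for child in root],
        "roles": [role.text for role in root.findall("Role")],
        "name": root.findtext("Name"),
    }


# Constructed attacker-controlled input: closes the CDATA section, closes
# <Name>, smuggles a privileged <Role>, then reopens <Name> and a CDATA
# section so the remaining template text still yields well-formed XML.
PAYLOAD = "alice]]></Name><Role>admin</Role><Name><![CDATA[bob"


def demo():
    """Return the parsed shape of the vulnerable and hardened bodies."""
    vulnerable = parse(build_request(PAYLOAD, cdata_vulnerable))
    hardened = parse(build_request(PAYLOAD, cdata_hardened))
    return vulnerable, hardened


if __name__ == "__main__":
    vuln, safe = demo()
    print("vulnerable:", vuln)  # two <Role> elements, 'admin' first
    print("hardened:  ", safe)  # one <Role>, <Name> text equals PAYLOAD
```

With the vulnerable wrapper the body gains a second `Role` element carrying `admin` before the legitimate one, which is exactly the duplicated-element and privileged-field outcome described above; with the hardened wrapper the same payload is recovered verbatim as the `Name` text and the element structure is unchanged.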
Affected Systems
The affected product is guzzlehttp/guzzle-services in versions prior to 1.5.4. An application is exposed when it uses the library to serialize outgoing requests and its service description declares request parameters with `location: xml` whose scalar value becomes element text. If an attacker can control such a value, whether through direct user input, tenant data, or another untrusted source, the risk applies. XML attributes, response deserialization, and service descriptions that only serialize trusted values are not affected.
Risk and Exploitability
The CVSS score of 5.8 places the issue at medium severity. No EPSS score is available, and the vulnerability is not in the CISA Known Exploited Vulnerabilities catalog, so there is no public evidence of active exploitation at the time of writing. The attack vector is remote injection through an application that forwards untrusted input into an XML request to a downstream service, so exploitability depends on whether such a flow exists. A successful attacker can alter operation semantics without holding any privileges on the application server and can affect the integrity and availability of the downstream service.
OpenCVE Enrichment
Github GHSA