[HIGH] Failure to strip the Cookie header on change in host or HTTP downgrade

PKSA-fvw5-9t6n-nwvr CVE-2022-31042 GHSA-f2wf-25xc-69c9

Affected package: guzzlehttp/guzzle

Affected version: >=7,<7.4.4|>=4,<6.5.7

Reported by:
GitHub, FriendsOfPHP/security-advisories