Fix CVE-2021-41196 in Monolog HIGH

Fix CVE-2021-41196 (log injection via headers) in Monolog for PHP. Paste your composer.json into PackageFix and get a patched version back — no CLI, no signup.

⚠ Vulnerability

CVE-2021-41196 — log injection via headers in Monolog. Update to ^3.5 or later.

Vulnerable Version — composer.json

"monolog/monolog": "^2.0"

Fixed Version — composer.json

"monolog/monolog": "^3.5"

✓ Fix

Update to ^3.5 and run composer install to apply the fix.

Scan your dependencies now — paste your manifest, get a fixed version back in seconds.

Open PackageFix →

No signup · No CLI · No GitHub connection · Runs 100% in your browser

Frequently Asked Questions

What is CVE-2021-41196?

CVE-2021-41196 is a vulnerability in Monolog that allows log injection via headers. Update to version ^3.5 or later to fix it.

Is CVE-2021-41196 on the CISA KEV catalog?

Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.

How do I fix CVE-2021-41196 in Monolog?

Update Monolog to version ^3.5 or later in your composer.json. Run composer install after updating.

Does CVE-2021-41196 affect all versions of Monolog?

Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.