Описание
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php8.2 | fixed | 8.2.18-1 | package | |
| php7.4 | removed | package | ||
| php7.3 | removed | package |
Примечания
Fixed in: 8.2.18, 8.1.28
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
https://github.com/php/php-src/commit/093c08af25fb323efa0c8e6154aa9fdeae3d3b53
EPSS
Связанные уязвимости
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
EPSS