CVE-2022-31629

Опубликовано: 28 сент. 2022

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS3: 6.5

Описание

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Релиз	Статус	Примечание
bionic	DNE
esm-infra-legacy/trusty	needed
esm-infra/focal	DNE
focal	DNE
jammy	DNE
trusty	ignored	end of standard support
trusty/esm	ignored	end of ESM support, was needed
upstream	needs-triage
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
esm-infra/focal	DNE
esm-infra/xenial	released	7.0.33-0ubuntu0.16.04.16+esm5
focal	DNE
jammy	DNE
trusty	DNE
upstream	needs-triage
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
bionic	released	7.2.24-0ubuntu0.18.04.15
esm-infra/bionic	released	7.2.24-0ubuntu0.18.04.15
esm-infra/focal	DNE
focal	DNE
jammy	DNE
trusty	DNE
upstream	needs-triage
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
esm-infra/focal	released	7.4.3-4ubuntu2.15
focal	released	7.4.3-4ubuntu2.15
jammy	DNE
trusty	DNE
upstream	needs-triage
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra/focal	DNE
focal	DNE
jammy	released	8.1.2-1ubuntu2.8
kinetic	released	8.1.7-1ubuntu3.1
lunar	released	8.1.12-1ubuntu2
mantic	DNE
noble	DNE
oracular	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%

0.32038

Средний

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-31629

CVSS3: 6.5

redhat

около 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

CVE-2022-31629

CVSS3: 6.5

nvd

около 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

CVE-2022-31629

CVSS3: 6.5

msrc

около 1 месяца назад

$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

CVE-2022-31629

CVSS3: 6.5

debian

около 3 лет назад

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...

ROS-20240730-07

CVSS3: 6.5

redos

больше 1 года назад

Уязвимость php

EPSS

Процентиль: 97%

0.32038

Средний

6.5 Medium

CVSS3

CVE-2022-31629

Описание

Пакет php5

Пакет php7.0

Пакет php7.2

Пакет php7.4

Пакет php8.1

Ссылки на источники

Связанные уязвимости