In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 07:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/04/12/11 - | |
References | () https://bugs.php.net/bug.php?id=81727 - Exploit, Permissions Required, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/ - | |
References | () https://security.gentoo.org/glsa/202211-03 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20221209-0001/ - Third Party Advisory | |
References | () https://www.debian.org/security/2022/dsa-5277 - Third Party Advisory |
29 Oct 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 |
01 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-09-28 23:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31629
Mitre link : CVE-2022-31629
CVE.ORG link : CVE-2022-31629
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
php
- php
CWE
CWE-20
Improper Input Validation
NVD-CWE-noinfo CWE-1284Improper Validation of Specified Quantity in Input