|
Vulnerabilities
< Back

CVE-2022-31629

Updated on 28 Sep 2022

Severity

6.5 Medium severity

Details

CVSS score
6.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim’s browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Details

Affected product:
AlmaLinux 9.2 ESU , Alpine Linux 3.22 , CentOS 6 ELS , CentOS 7 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , CloudLinux 6 ELS , Debian 10 , Debian 10 ELS , Debian 11 , Debian 12 , Debian 13 , EL 10 , EL 6 , EL 7 , EL 8 , EL 9 , Oracle Linux 6 ELS , Ubuntu 16.04 , Ubuntu 16.04 ELS , Ubuntu 18.04 , Ubuntu 18.04 ELS , Ubuntu 20.04 , Ubuntu 22.04 , Ubuntu 24.04 , Windows 10
Affected packages:
php @ 5.4 (+176 more)
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim’s browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Fixes