Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2024-04-29T03:34:16.912Z
Updated: 2024-08-01T19:25:41.700Z
Reserved: 2024-03-21T05:10:24.594Z
Link: CVE-2024-2756
Vulnrichment
Updated: 2024-08-01T19:25:41.700Z
NVD
Status : Awaiting Analysis
Published: 2024-04-29T04:15:07.890
Modified: 2024-06-10T18:15:30.570
Link: CVE-2024-2756
Redhat