Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Metrics
Affected Vendors & Products
References
History
Fri, 14 Feb 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Php
Php archive Tar |
|
CPEs | cpe:2.3:a:php:archive_tar:*:*:*:*:*:*:*:* | |
Vendors & Products |
Php
Php archive Tar |
|
Metrics |
ssvc
|
Thu, 13 Feb 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. | Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. |
Thu, 12 Dec 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |

Status: PUBLISHED
Assigner: php
Published:
Updated: 2025-02-13T17:46:30.643Z
Reserved: 2024-03-21T05:10:24.594Z
Link: CVE-2024-2756

Updated: 2024-08-01T19:25:41.700Z

Status : Awaiting Analysis
Published: 2024-04-29T04:15:07.890
Modified: 2025-02-13T18:17:57.060
Link: CVE-2024-2756
