In PHP versions prior to 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site malicious users to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
fedoraproject fedora 37 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |