Security Advisory

CVE-2022-31629

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-28 22:25:10

Last updated 2025-11-04 17:12:24

Assigner php

State PUBLISHED

Description

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victims browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

← Browse all CVEs View on cve.org ↗