CVE-2022-31629

Updated: 2022-11-22 19:14:41.45147

Description:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 6.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 7.0 | 6.5 | MEDIUM | Released | CLSA-2022:1668725884 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 5.3 | 6.5 | MEDIUM | Released | CLSA-2022:1668724374 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 5.6 | 6.5 | MEDIUM | Released | CLSA-2022:1668725481 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 5.4 | 6.5 | MEDIUM | Released | CLSA-2022:1668724734 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 7.2 | 6.5 | MEDIUM | Released | CLSA-2022:1668727005 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 5.5 | 6.5 | MEDIUM | Released | CLSA-2022:1668725133 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 7.1 | 6.5 | MEDIUM | Released | CLSA-2022:1668726567 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 5.2 | 6.5 | MEDIUM | Released | CLSA-2022:1668724026 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 5.1 | 6.5 | MEDIUM | Released | CLSA-2022:1668723661 | 2022-11-17 20:16:20 |
| EL 6 PHP | php | 7.3 | 6.5 | MEDIUM | Released | CLSA-2022:1668727418 | 2022-11-17 20:16:19 |
Total: 70

Statement

Will not fix: low score