ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
- CVEs
- Documentation
ELS for Languages
- CVEs
- Releases
- Projects
- Documentation

CVE-2022-31629

Updated: 2023-03-10 12:28:07.061403

Description:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x		0
CVSS Version 3.x	MEDIUM	6.5

Status

OS name	Project name	Version	Score	Severity	Status	Last updated
CentOS 6 ELS	php	5.3.3	6.5	MEDIUM	Ignored	2022-09-29 17:02:27
CentOS 8.4 ELS	php	7.4.6	6.5	MEDIUM	Ignored	2023-03-16 05:06:40
CentOS 8.5 ELS	php	7.4.19	6.5	MEDIUM	Ignored	2023-03-16 05:06:40
CloudLinux 6 ELS	php	5.3.3	6.5	MEDIUM	Ignored	2022-09-29 17:02:27
Oracle Linux 6 ELS	php	5.3.3	6.5	MEDIUM	Ignored	2022-09-29 17:02:29
Ubuntu 16.04 ELS	php	7.0.33	6.5	MEDIUM	In Testing	2023-03-21 08:44:40
Ubuntu 18.04 ELS	php	7.2.24-0	6.5	MEDIUM	Needs Triage	2023-03-06 07:38:19