Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victimβs browser which is treated as a __Host-Β or __Secure-Β cookie by PHP applications.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | php82 | <Β 8.2.18-r0 | UNKNOWN |
Alpine | edge-community | noarch | php83 | <Β 8.3.5-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | php81 | <Β 8.1.28-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | php82 | <Β 8.2.18-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | php83 | <Β 8.3.6-r0 | UNKNOWN |