Lucene search

K
githubGitHub Advisory DatabaseGHSA-GM98-G2WF-7C68
HistoryMay 15, 2024 - 5:52 p.m.

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

2024-05-1517:52:00
GitHub Advisory Database
github.com
2
artax
software
cookie leakage
wrong origins
non-restricted acceptance

7 High

AI Score

Confidence

Low

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site.
Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

Affected configurations

Vulners
Node
amphpartaxRange<1.0.6
OR
amphpartaxRange<2.0.6
CPENameOperatorVersion
amphp/artaxlt1.0.6
amphp/artaxlt2.0.6

7 High

AI Score

Confidence

Low