Lucene search
GitHub Advisory DatabaseGHSA-GM98-G2WF-7C68HistoryMay 15, 2024 - 5:52 p.m.
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
2024-05-1517:52:00
GitHub Advisory Database
github.com
2
artax
software
cookie leakage
wrong origins
non-restricted acceptance
7 High
AI Score
Confidence
Low
In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site.
Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.
Affected configurations
Node
amphpartaxRange<1.0.6
ORamphpartaxRange<2.0.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| amphp/artax | lt | 1.0.6 | |
| amphp/artax | lt | 2.0.6 |
References
github.com/advisories/GHSA-gm98-g2wf-7c68
github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4
github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d
github.com/amphp/artax/releases/tag/v2.0.6
github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml
7 High
AI Score
Confidence
Low