Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-2BFA60F76C5BB5C17FDA485B4B17BE43

HistoryMay 15, 2024 - 12:00 a.m.

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

2024-05-1500:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

amphp

artax

cookie leakage

non-restricted

fix

software

security

AI Score

Confidence

Low

JSON

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site.
Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

Affected configurations

Vulners

Node

packagistartaxRange2≥

packagistartaxRange<2.0.6

packagistartaxRange<1.0.6

VendorProductVersionCPE
packagistartax*cpe:2.3:a:packagist:artax:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
packagist	artax	*	cpe:2.3:a:packagist:artax::::::::

References

github.com/advisories/GHSA-gm98-g2wf-7c68

github.com/amphp/artax

github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4

github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d

github.com/amphp/artax/releases/tag/v2.0.6

github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml

AI Score

Confidence

Low

JSON