Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.8 views

CVE-2022-39284

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

4.3CVSS6.9AI score0.00825EPSS
Exploits1References1
Circl
Circl
added 2022/10/07 12:16 a.m.7 views

CVE-2022-39284

creationtimestamp| type| source ---|---|--- 2022-10-07 00:16:46+00:00| seen| https://t.me/cibsecurity/50937...

4.3CVSS4.6AI score0.00825EPSS
Exploits1References1
Friends Of PHP
Friends Of PHP
added 2022/10/06 9:39 a.m.36 views

CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4

Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...

4.3CVSS4.2AI score0.00825EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2022/10/06 12:0 a.m.46 views

CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

2.6CVSS5AI score0.00825EPSS
Exploits1References6
CVE
CVE
added 2022/10/06 12:0 a.m.84 views

CVE-2022-39284

CodeIgniter 4 prior to v4.2.7 has a cookie handling bug where setting secure or HttpOnly (Config\Cookie) is not reflected in set_cookie() or Response::setCookie(), causing cookie values to be exposed to scripts. The vulnerability is limited to non-session cookies and does not affect sessions. Aff...

4.3CVSS4.3AI score0.00825EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/06 12:0 a.m.6 views

CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

2.6CVSS5.1AI score0.00825EPSS
Exploits1References6
Rows per page
Query Builder