6 matches found
CVE-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
CVE-2022-39284
creationtimestamp| type| source ---|---|--- 2022-10-07 00:16:46+00:00| seen| https://t.me/cibsecurity/50937...
CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...
CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
CVE-2022-39284
CodeIgniter 4 prior to v4.2.7 has a cookie handling bug where setting secure or HttpOnly (Config\Cookie) is not reflected in set_cookie() or Response::setCookie(), causing cookie values to be exposed to scripts. The vulnerability is limited to non-session cookies and does not affect sessions. Aff...
CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...