JLSEC-2026-615 Cookie jar accepts Secure/__Host-/__Secure- cookies from non-secure origins in HTTP.jl

Description setcookies! stored every parsed Set-Cookie after only checking that the response scheme was http or https, with no protection symmetric to the read path shouldsend, which already withholds Secure cookies from non-secure requests. A plaintext http origin could therefore plant a Secure...

CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...

UBUNTU-CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixatio...