In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victims browser which is treated as a __Host-
or __Secure-
cookie by PHP applications.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php | Php | * | 7.4.31 (excluding) |
Php | Php | 8.0.0 (including) | 8.0.24 (excluding) |
Php | Php | 8.1.0 (including) | 8.1.11 (excluding) |