CVE-2022-31629

Published: Sep 28, 2022

Modified: Nov 4, 2025

PUBLISHED

Description

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Vendor	Product	Versions
PHP Group	PHP	affected `7.4.X - < 7.4.31` affected `8.0.X - < 8.0.24` affected `8.1.X - < 8.1.11`

Weaknesses (CWE)

CWE-20

References

https://bugs.php.net/bug.php?id=81727

FEDORA-2022-0b77fbd9e7

vendor-advisory

FEDORA-2022-afdea1c747

vendor-advisory

FEDORA-2022-f204e1d0ed

vendor-advisory

DSA-5277

vendor-advisory

GLSA-202211-03

vendor-advisory

https://security.netapp.com/advisory/ntap-20221209-0001/

[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update

mailing-list

FEDORA-2024-b46619f761

vendor-advisory

FEDORA-2024-39d50cc975

vendor-advisory

FEDORA-2024-5e8ae0def0

vendor-advisory

[oss-security] 20240412 PHP security releases 8.1.28, 8.2.18, & 8.3.6

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31629

Description

Affected Products

Weaknesses (CWE)

References