Lucene search
Veracode Vulnerability DatabaseVERACODE:35712HistoryMay 26, 2022 - 4:37 a.m.
Cross-domain Cookie Leakage
2022-05-2604:37:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
24
0.002 Low
EPSS
Percentile
61.2%
guzzlehttp/guzzle is vulnerable to cross-domain cookie leakage. The library does not check if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, which allows an attacker to set malicious domains and redirect the victim to harmful third party servers.
References
github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
github.com/guzzle/guzzle/commit/f092dd734083473658de3ee4bef093ed77d2689c
github.com/guzzle/guzzle/pull/3018
github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
www.debian.org/security/2022/dsa-5246
www.drupal.org/sa-core-2022-010
Related
github
github
Cross-domain cookie leakage in Guzzle
2022-05-25 18:09:55
osv
osv
CVE-2022-29248
2022-05-25 18:15:08
BIT-drupal-2022-29248
2024-03-06 10:52:24
Cross-domain cookie leakage in Guzzle
2022-05-25 18:09:55
nvd
nvd
CVE-2022-29248
2022-05-25 18:15:08
nessus
nessus
Drupal 9.2.x < 9.2.20 / 9.3.x < 9.3.14 Drupal Vulnerability (SA-CORE-2022-010)
2022-05-25 00:00:00
FreeBSD : mediawiki -- multiple vulnerabilities (5ab54ea0-fa94-11ec-996c-080027b24e86)
2022-07-03 00:00:00
Debian DSA-5246-1 : mediawiki - security update
2022-10-05 00:00:00
drupal
drupal
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010
2022-05-25 00:00:00
openvas
openvas
Drupal Third-party Library Information Disclosure Vulnerability (SA-CORE-2022-010) - Windows
2022-05-31 00:00:00
Drupal Third-party Library Information Disclosure Vulnerability (SA-CORE-2022-010) - Linux
2022-05-31 00:00:00
Mageia: Security Advisory (MGASA-2022-0338)
2022-09-19 00:00:00
prion
prion
Design/Logic Flaw
2022-05-25 18:15:00
cve
cve
CVE-2022-29248
2022-05-25 18:15:08
cvelist
cvelist
CVE-2022-29248 Cross-domain cookie leakage in Guzzle
2022-05-25 00:00:00
debiancve
debiancve
CVE-2022-29248
2022-05-25 18:15:08
cnvd
cnvd
Guzzle Information Disclosure Vulnerability
2022-05-27 00:00:00
ubuntucve
ubuntucve
CVE-2022-29248
2022-05-25 00:00:00
friendsofphp
friendsofphp
Cross-domain cookie leakage
2022-05-25 13:21:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2022-05-16 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2022-09-16 22:39:55
debian
debian
[SECURITY] [DSA 5246-1] mediawiki security update
2022-10-04 18:53:33