Innovate faster and cut risk with PHP experts from Zend Services.
Explore Services
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Read More
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Explore Training
Submit support requests and browse self-service resources.
Explore Support
CVE-2022-31629 php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
__Host-
__Secure-
If you use same-site cookies, and are on PHP versions prior to 7.4.31, 8.0 versions prior to 8.0.24, or 8.1 versions prior to 8.1.11, you should update to a patched or newer version of PHP.
Direct link to CVE-2022-31629 >
< View all CVEs