| purl | pkg:composer/amphp/artax@0.6.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-48c5-a36e-dbfd<br>Aliases: GHSA-gm98-g2wf-7c68 | amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance<br>In artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes. | Affected by 0 other vulnerabilities.<br>Affected by 0 other vulnerabilities. |
| VCID-j1u4-14p9-9fdn<br>Aliases: 2017-05-09 | Cookie leakage to wrong origins and non-restricted cookie acceptance | Affected by 0 other vulnerabilities.<br>Affected by 0 other vulnerabilities. |
| VCID-t4d6-pvhk-mfaw<br>Aliases: GMS-2017-131 | Cookie leakage, non-restricted cookie acceptance<br>Cookies of `foo.bar.example.com` are leaked to `foo.bar`. Additionally, any site can set cookies for any other site. | Affected by 0 other vulnerabilities. |
| VCID-zawz-vky5-tkgt<br>Aliases: CVE-2016-5385, GHSA-m6ch-gg5f-wxx3 | Improper Access Control<br>PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a `getenv('HTTP_PROXY')` call or (2) a CGI configuration of PHP, aka an `httpoxy` issue. | Affected by 3 other vulnerabilities.<br>Affected by 3 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |