Search for vulnerabilities
Vulnerability details: VCID-5gzu-cums-1qh1
Vulnerability ID VCID-5gzu-cums-1qh1
Aliases GHSA-gm98-g2wf-7c68
Summary amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance In artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-01T12:11:40.875902+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-gm98-g2wf-7c68/GHSA-gm98-g2wf-7c68.json 36.1.3