CVE-2022-36032 — Improper Input Validation in Http
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 58.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Sep 6; latest update Sep 16
Description
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component, versions starting with 0.7.0 and prior to 1.7.0, incoming HTTP cookie names are url-decoded while cookie values are processed. This may lead to cookies with prefixes like `__Host-` and `__Secure-` being confused with cookies whose names decode to such a prefix, allowing an attacker to forge a cookie that is supposed to be secure. This issue is fixed in ReactPHP HTTP…
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 3 packages
Patches
Vulnerability Details
References (4)
GHSA: ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent (2022-09-16)
OSV: ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent (2022-09-16)
CVEList: ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent (2022-09-06)
OSV: CVE-2022-36032: ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP (2022-09-06)