[MEDIUM] ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

PKSA-kwfb-dvpm-qtpb CVE-2022-36032 GHSA-w3w9-vrf5-8mx8

Affected version: >=0.7.0,<1.7.0

Reported by:
GitHub, FriendsOfPHP/security-advisories