PKSA-kwfb-dvpm-qtpb Security Advisory
-
[MEDIUM] ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
PKSA-kwfb-dvpm-qtpb CVE-2022-36032 GHSA-w3w9-vrf5-8mx8
Affected package: react/http
Affected version: >=0.7.0,<1.7.0
Reported by:
GitHub, FriendsOfPHP/security-advisories