In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host-
or __Secure-
cookie by PHP applications.
{ "cpes": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" ], "severity": "Medium" }