Advisories for Composer/Amphp/Artax package

2024

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

2017

Cookie leakage to wrong origins and non-restricted cookie acceptance

Cookie leakage, non-restricted cookie acceptance

Cookies of foo.bar.example.com are leaked to foo.bar. Additionally, any site can set cookies for any other site.

2016

HTTP Proxy header vulnerability

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.