GMS-2022-230: Cookie-setting is not restricted based on the public suffix list
Responses from domain names whose public domain name suffix contains 1 or more periods (e.g. responses from example.co.uk, given its public domain name suffix is co.uk) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix.
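The following Python sketch is an added illustration, not code from the advisory or from the affected project. It shows the check that is missing when a cookie jar ignores the public suffix list: a response from example.co.uk sets a cookie with Domain=co.uk, and a jar without the check then attaches that cookie to requests for other.co.uk, while a jar that consults the list rejects it (RFC 6265 section 5.3). The public suffix set embedded here is a constructed subset for illustration; a real implementation loads the full list from publicsuffix.org.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed subset of the public suffix list (the real list has thousands of rules).
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "org.uk", "github.io"}


def is_public_suffix(domain: str) -> bool:
    """True if the domain is itself a public suffix (registrations happen below it)."""
    return domain.lower().rstrip(".") in PUBLIC_SUFFIXES


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: host equals the cookie domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


@dataclass
class CookieJar:
    use_public_suffix_list: bool
    # (name, domain) -> (value, host_only)
    cookies: Dict[Tuple[str, str], Tuple[str, bool]] = field(default_factory=dict)

    def set_cookie(self, response_host: str, name: str, value: str,
                   domain: Optional[str]) -> bool:
        """Apply the Domain-attribute rules of RFC 6265 section 5.3; return True if stored."""
        response_host = response_host.lower()
        if not domain:
            # No Domain attribute: host-only cookie for the responding host.
            self.cookies[(name, response_host)] = (value, True)
            return True
        cookie_domain = domain.lower().lstrip(".")
        # The cookie domain must cover the host that sent the response.
        if not domain_matches(response_host, cookie_domain):
            return False
        # The check the advisory describes as missing: a cookie may not be scoped to a
        # public suffix such as co.uk, or it would be sent to every other co.uk site.
        if self.use_public_suffix_list and is_public_suffix(cookie_domain):
            if cookie_domain != response_host:
                return False
            # Response came from the public suffix itself: keep it host-only.
            self.cookies[(name, response_host)] = (value, True)
            return True
        self.cookies[(name, cookie_domain)] = (value, False)
        return True

    def cookies_for(self, request_host: str) -> Dict[str, str]:
        """Cookies that would be attached to a request for request_host."""
        request_host = request_host.lower()
        sent = {}
        for (name, domain), (value, host_only) in self.cookies.items():
            if (request_host == domain) if host_only else domain_matches(request_host, domain):
                sent[name] = value
        return sent


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Same response handled by a jar without and with the public suffix check.

    Returns the cookies each jar would send to the unrelated site other.co.uk."""
    leaky = CookieJar(use_public_suffix_list=False)
    strict = CookieJar(use_public_suffix_list=True)
    for jar in (leaky, strict):
        # Constructed response from example.co.uk trying to scope a cookie to co.uk.
        jar.set_cookie("example.co.uk", "session", "abc123", domain="co.uk")
    return leaky.cookies_for("other.co.uk"), strict.cookies_for("other.co.uk")


if __name__ == "__main__":
    leaked, withheld = demo()
    print("without PSL check, other.co.uk receives:", leaked)
    print("with PSL check, other.co.uk receives:", withheld)
```

The first jar reports the leaked session cookie for other.co.uk; the second reports nothing. When reviewing an HTTP client or cookie store, the same check is what to look for: a rejection path for Domain attributes that resolve to a public suffix, not just the plain suffix-match of section 5.1.3.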