CVE-2024-47764
Description
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-47764? +
How do I check if I'm vulnerable to CVE-2024-47764? +
Related Vulnerabilities
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote …
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated …
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web …
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed …
A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to …