14 lines
1.2 KiB
JSON
14 lines
1.2 KiB
JSON
{
|
|
"id": "openEuler-SA-2023-1273",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1273",
|
|
"title": "An update for php is now available for openEuler-22.03-LTS",
|
|
"severity": "Moderate",
|
|
"description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.\r\n\r\nSecurity Fix(es):\r\n\r\nIn PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.(CVE-2022-31629)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-31629",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31629",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |