PT-2026-56501 · Guzzle · Guzzle

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-59883

CVSS v3.1

4.7

Média

VetorAV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1, [::1], or 1, allowing cross-host cookie disclosure, cookie injection, or session fixation. This issue is fixed in version 7.12.3.

Correção

Session Fixation

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-59883

Produtos afetados

Guzzle