Lavish

**Name of the Vulnerable Software and Affected Versions** PHP (affected versions not specified) **Description** The issue is related to the incorrect handling of cookies by PHP applications, allowing network and same-site attackers to set a standard insecure cookie in the victim's browser, which is then treated as a Host- or Secure- cookie. This can potentially lead to session hijacking and unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Werkzeug versions prior to 2.2.3 **Description** The issue is related to how Werkzeug handles "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `= Host-test=bad` for another subdomain. Werkzeug will parse the cookie `= Host-test=bad` as ` Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. **Recommendations** For Werkzeug versions prior to 2.2.3, update to version 2.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable subdomain to minimize the risk of exploitation. Avoid using vulnerable browsers that allow "nameless" cookies.

**Name of the Vulnerable Software and Affected Versions** ReactPHP HTTP versions 0.7.0 through 1.7.0 **Description** The issue arises when ReactPHP's HTTP server component processes incoming HTTP cookie values, url-decoding the cookie names. This can lead to confusion between cookies with prefixes like ` Host-` and ` Secure-` and those that decode to such prefixes, allowing an attacker to forge secure cookies. **Recommendations** For ReactPHP HTTP versions 0.7.0 through 1.6.x, update to version 1.7.0 to resolve the issue. As a temporary workaround for versions 0.7.0 through 1.6.x, consider placing a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers.