Patch released for cross-domain cookie leakage flaw in Guzzle


UPDATED The maintainers of Guzzle, the hugely popular HTTP client for PHP applications, have addressed a high-severity vulnerability leading to cross-domain cookie leakage.

The flaw, which has been assigned the number CVE-2022-29248, is caused by a failure to check if the cookie domain matches the domain of the server that sets the cookie via the Set-Cookie header.
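The missing check described above is the domain-match rule from RFC 6265, section 5.1.3. The following is an added example, not Guzzle's code or its patch: `domainMatches()` and `acceptSetCookie()` are hypothetical names, the hosts are constructed, and PHP 8.0+ is assumed for `str_ends_with()`.

```php
<?php
declare(strict_types=1);

// RFC 6265 section 5.1.3 domain-match: the responding host must equal the
// cookie domain or be a subdomain of it; IP-address hosts only match exactly.
function domainMatches(string $requestHost, string $cookieDomain): bool
{
    $host = strtolower($requestHost);
    $domain = strtolower(ltrim($cookieDomain, '.'));
    if ($domain === '') {
        return false;
    }
    if ($host === $domain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    return str_ends_with($host, '.' . $domain);
}

// Hypothetical minimal cookie-jar entry point: returns the cookie to store,
// or null when the Set-Cookie header must be ignored.
function acceptSetCookie(string $requestHost, string $setCookie): ?array
{
    $parts = array_map('trim', explode(';', $setCookie));
    $pair = explode('=', array_shift($parts), 2);
    if (count($pair) !== 2 || $pair[0] === '') {
        return null; // malformed name=value pair
    }
    $domain = '';
    foreach ($parts as $attr) {
        $kv = explode('=', $attr, 2);
        if (isset($kv[1]) && strcasecmp(trim($kv[0]), 'Domain') === 0) {
            $domain = trim($kv[1]);
        }
    }
    if ($domain === '') {
        // No Domain attribute: host-only cookie, bound to the responding host.
        return ['name' => $pair[0], 'value' => $pair[1], 'domain' => strtolower($requestHost)];
    }
    if (!domainMatches($requestHost, $domain)) {
        return null; // Domain names a site other than the one that responded
    }
    return ['name' => $pair[0], 'value' => $pair[1], 'domain' => strtolower(ltrim($domain, '.'))];
}

// Constructed responses: a subdomain setting a parent-domain cookie, then an
// unrelated host naming someone else's domain (the case a jar must drop).
var_dump(acceptSetCookie('api.example.test', 'sid=abc; Domain=example.test'));
var_dump(acceptSetCookie('other.test', 'sid=abc; Domain=example.test'));
```

A production cookie jar would also reject Domain values that are public suffixes, which this example does not attempt.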