First published: Thu Oct 06 2022(Updated: )
CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/codeigniter4/framework | <4.2.7 | |
Codeigniter Codeigniter | >=4.0.0<4.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-39284 is a vulnerability in CodeIgniter version 4.2.7 that allows cookie values to be exposed to scripts due to the Config\Cookie Secure or HttpOnly flag not being set properly.
CVE-2022-39284 has a severity rating of 4.3, which is considered medium.
CVE-2022-39284 affects CodeIgniter versions prior to 4.2.7.
To fix CVE-2022-39284, update CodeIgniter to version 4.2.7 or later and ensure that the `$secure` and `$httponly` values are set to `true` in Config\Cookie.
You can find more information about CVE-2022-39284 in the official CodeIgniter documentation and the GitHub security advisory.