CVE-2024-47764
Description
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
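The field alteration described above, next to the kind of input validation that blocks it, as an added example that is not part of this record and is not the cookie package's own code. The function names, sample inputs and regular expressions are assumptions written for illustration from the RFC 6265 grammar; the domain pattern is a simplification.

```javascript
// Added example; not the cookie package's source. All names here are hypothetical.
// Cookie name as an RFC 6265 token: no separators, whitespace or control characters.
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Path: printable ASCII except ";" (assumed pattern).
const PATH_RE = /^[\x20-\x3A\x3C-\x7E]*$/;
// Domain: dot-separated letter/digit/hyphen labels, optional leading dot (simplified).
const DOMAIN_RE = /^\.?[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$/;

// Unvalidated serializer: concatenates caller-supplied fields as they are.
function serializeUnchecked(name, value, opts = {}) {
  let out = `${name}=${encodeURIComponent(value)}`;
  if (opts.domain) out += `; Domain=${opts.domain}`;
  if (opts.path) out += `; Path=${opts.path}`;
  return out;
}

// Validating serializer: rejects any field that could terminate its own slot.
function serializeChecked(name, value, opts = {}) {
  if (!NAME_RE.test(name)) throw new TypeError("invalid cookie name");
  if (opts.domain !== undefined && !DOMAIN_RE.test(opts.domain)) {
    throw new TypeError("invalid cookie domain");
  }
  if (opts.path !== undefined && !PATH_RE.test(opts.path)) {
    throw new TypeError("invalid cookie path");
  }
  return serializeUnchecked(name, value, opts);
}

// Split a Set-Cookie value the way a receiver does: name=value first, then attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Constructed inputs: a name and a path that each carry an embedded ";".
const BAD_NAME = "theme=dark; Max-Age=0; x";
const BAD_PATH = "/app; SameSite=None";

// With no validation the receiver sees a different name, value and extra attributes.
console.log(parseSetCookie(serializeUnchecked(BAD_NAME, "v")));
console.log(parseSetCookie(serializeUnchecked("sid", "1", { path: BAD_PATH })));
```

Applications that pass request-derived strings as a cookie name, path or domain can apply the same checks at their own boundary in addition to upgrading.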
Risk Information
Base Score: 3.7 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.205
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 24.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1 | Windows |
| Vulnerabilities CVE-2024-31141,CVE-2024-47764,CVE-2024-49338,CVE-2024-5535 are affected in IBM App Connect Enterprise 12.0.12.7 | Windows |
| Vulnerabilities CVE-2024-47764,CVE-2024-49338,CVE-2024-5535,CVE-2024-7254 are affected in IBM App Connect Enterprise 13.0.1.0 | Windows |
Patch Details
No records found