Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-59883

MEDIUM NVD
CVSS Score 4.7
Severity MEDIUM
Published Jul 08, 2026
Vendor unknown

Description

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1, [::1], or 1, allowing cross-host cookie disclosure, cookie injection, or session fixation. This issue is fixed in version 7.12.3.

References