Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Guzzlephp
Guzzlephp guzzle |
|
| Vendors & Products |
Guzzlephp
Guzzlephp guzzle |
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1, [::1], or 1, allowing cross-host cookie disclosure, cookie injection, or session fixation. This issue is fixed in version 7.12.3. | |
| Title | Guzzle: Cookie Disclosure and Injection via IP-Address Domains | |
| Weaknesses | CWE-346 CWE-384 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T13:49:43.875Z
Reserved: 2026-07-07T16:40:07.982Z
Link: CVE-2026-59883
Updated: 2026-07-09T13:49:40.599Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T21:30:06Z