libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27779