Using cookies is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11639[CVE-2018-11639]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6537[CVE-2016-6537]

Attackers can use widely-available tools to read cookies. Any sensitive information they may contain will be exposed.


This rule flags code that writes cookies.