ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

CVE-2022-36032

Affected version: >=0.7.0,<1.7.0

Reported by:
GitHub, FriendsOfPHP/security-advisories