(RHSA-2017:2913) Moderate: rh-nodejs6-nodejs-tough-cookie security update

2017-10-18T20:29:25
ID RHSA-2017:2913
Type redhat
Reporter RedHat
Modified 2018-06-13T01:28:23

Description

Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar.

The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie (2.3.3). (BZ#1497701)

Security Fix(es):

  • A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU. (CVE-2017-15010)