38 matches found
EUVD-2026-1132
Malicious code in redis-cookie-parser npm...
Malicious code in redis-cookie-parser (npm)
Source: amazon-inspector 91375f4f82c5d4299e69cf91489e82b06358bccaa40ec51ab1c19c3e03e3e99a The package redis-cookie-parser was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: redis-cookie-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-67 Malicious code in redis-cookie-parser (npm)
Source: amazon-inspector 91375f4f82c5d4299e69cf91489e82b06358bccaa40ec51ab1c19c3e03e3e99a The package redis-cookie-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2024-3106
Malicious code in bioql PyPI...
CGI: Denial of Service in CGI::Cookie.parse
A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...
MAL-2025-3541 Malicious code in express-cookie-parser (npm)
This package impersonates the popular 'cookie-parser' package. Remote code execution, persistence, self-deletion, and obfuscation found in the package's code confirm its malicious nature...
Malicious code in express-cookie-parser (npm)
This package impersonates the popular 'cookie-parser' package. Remote code execution, persistence, self-deletion, and obfuscation found in the package's code confirm its malicious nature...
Amazon Linux 2 : python (ALAS-2025-2797)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2797 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior...
Linux Distros Unpatched Vulnerability : CVE-2024-47764
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpecte...
CVE-2024-47764
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
DEBIAN-CVE-2024-47764
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
AZL-50094 CVE-2024-47764 affecting package nodejs-nodemon 2.0.3-4
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
AZL-50114 CVE-2024-47764 affecting package reaper for versions less than 3.1.1-13
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CVE-2024-47764
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CVE-2024-47764 cookie accepts cookie name, path, and domain with out of bounds characters
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CVE-2024-47764
CVE-2024-47764 affects a Node.js cookie parsing/serialization package. The vulnerability arises because the cookie name can be used to influence other cookie fields, potentially yielding an unexpected cookie value; a similar escape can affect path and domain to alter other fields. Public advisori...
CVE-2024-47764 cookie accepts cookie name, path, and domain with out of bounds characters
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
BIT-ASPNET-CORE-2020-1045 Microsoft ASP.NET Core Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update address...
Malicious code in js-cookie-parser (npm)
Source: checkmarx 4db21916d97f75d76cd031171b76c9c5a2223cd3549d141bde479c6babb0569c Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...