UBUNTU-CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

Malicious code in cookie-parser-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a673e0454bb102d4e8456e3c26290196c5ae5bf4cf9438ce78f8286fd5c3be Package name and README impersonate the well-known cookie-parser Express middleware. The source is a near-verbatim copy of cookie-parser, except the...

MAL-2026-5346 Malicious code in cookie-parser-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a673e0454bb102d4e8456e3c26290196c5ae5bf4cf9438ce78f8286fd5c3be Package name and README impersonate the well-known cookie-parser Express middleware. The source is a near-verbatim copy of cookie-parser, except the...

Malicious Package

Overview cookie-parser-legacy is a malicious package. This package contains malicious code that uses another malicious package moustick Snyk Advisory as a dependency to fetch a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ. The payload is designed to extract...

Malicious code in redis-cookie-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91375f4f82c5d4299e69cf91489e82b06358bccaa40ec51ab1c19c3e03e3e99a The package redis-cookie-parser was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1132

Malicious code in redis-cookie-parser npm...

Malicious Package

Overview redis-cookie-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-67 Malicious code in redis-cookie-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91375f4f82c5d4299e69cf91489e82b06358bccaa40ec51ab1c19c3e03e3e99a The package redis-cookie-parser was found to contain malicious code. Source: ghsa-malware...

EUVD-2024-3106

Malicious code in bioql PyPI...

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

Malicious code in express-cookie-parser (npm)

This package impersonates the popular 'cookie-parser' package. Remote code execution, persistence, self-deletion, and obfuscation found in the package's code confirm its malicious nature...

MAL-2025-3541 Malicious code in express-cookie-parser (npm)

This package impersonates the popular 'cookie-parser' package. Remote code execution, persistence, self-deletion, and obfuscation found in the package's code confirm its malicious nature...

Amazon Linux 2 : python (ALAS-2025-2797)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2797 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior...

Linux Distros Unpatched Vulnerability : CVE-2024-47764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpecte...

CVE-2024-47764

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

AZL-50114 CVE-2024-47764 affecting package reaper for versions less than 3.1.1-13

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

DEBIAN-CVE-2024-47764

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

AZL-50094 CVE-2024-47764 affecting package nodejs-nodemon 2.0.3-4

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

CVE-2024-47764 cookie accepts cookie name, path, and domain with out of bounds characters

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...