Lucene search
+L

199 matches found

Positive Technologies
Positive Technologies
added 2023/07/01 12:0 a.m.7 views

PT-2023-4738

Name of the Vulnerable Software and Affected Versions tough-cookie versions prior to 4.1.3 Description The issue arises from improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode, leading to Prototype Pollution. This vulnerability is related to insufficient control...

10CVSS7AI score0.02542EPSS
Exploits2References45
Snyk
Snyk
added 2023/06/08 2:45 p.m.6 views

Prototype Pollution

Overview tough-cookie is a RFC6265 Cookies and CookieJar module for Node.js. Affected versions of this package are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Due to an issue with the manner in which the objects ar...

9.8CVSS7.3AI score0.02542EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.2 views

SUSE CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS9AI score0.04021EPSS
Exploits1References32
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-23607

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

6.5CVSS6.6AI score0.01083EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/02/13 12:0 a.m.6 views

The vulnerability of the Cookie.parse() function in the CookieJar library allows a hacker to induce a service failure.

The vulnerability of the Cookie.parse function in the CookieJar library is related to errors in the use of regular expressions. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

5.3CVSS6.7AI score0.01546EPSS
Exploits1References12Affected Software3
vulnersOsv
vulnersOsv
added 2023/01/18 6:31 a.m.3 views

192.168.0.172 (=4.6.1), 2ch (>=0.1.0 <=0.1.3) +4060 more potentially affected by CVE-2022-25901 via cookiejar (>=1.0.5 <=2.1.2)

cookiejar NPM version =1.0.5, =0.1.0, =0.13.0, =0.0.2, =0.0.1, =1.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.16.0, =0.1.1, =0.3.1 and more Source cves: CVE-2022-25901 Source advisory: OSV:GHSA-H452-7996-H45H...

7.5CVSS6.7AI score0.01546EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2023/01/18 6:31 a.m.73 views

cookiejar Regular Expression Denial of Service via Cookie.parse function

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if...

7.5CVSS4.4AI score0.01546EPSS
Exploits1References9Affected Software2
OSV
OSV
added 2023/01/18 6:31 a.m.37 views

GHSA-H452-7996-H45H cookiejar Regular Expression Denial of Service via Cookie.parse function

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if...

5.3CVSS6.2AI score0.01546EPSS
Exploits1References9
OSV
OSV
added 2023/01/18 5:15 a.m.4 views

DEBIAN-CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

7.5CVSS6.6AI score0.01546EPSS
Exploits1References1
OSV
OSV
added 2023/01/18 5:15 a.m.7 views

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

7.5CVSS7.4AI score
Exploits0References6
Prion
Prion
added 2023/01/18 5:15 a.m.23 views

Design/Logic Flaw

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

5CVSS7.4AI score0.01546EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2023/01/18 5:15 a.m.39 views

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

7.5CVSS6.8AI score0.01546EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/01/18 5:0 a.m.12 views

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

5.3CVSS7.7AI score0.01546EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2023/01/18 5:0 a.m.44 views

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

7.5CVSS6.9AI score0.01546EPSS
Exploits1
Cvelist
Cvelist
added 2023/01/18 5:0 a.m.20 views

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

5.3CVSS7.6AI score0.01546EPSS
Exploits1References6
CVE
CVE
added 2023/01/18 5:0 a.m.118 views

CVE-2022-25901

CVE-2022-25901 affects the Node.js package cookiejar. The vulnerability is a denial of service (ReDoS) in Cookie.parse caused by an insecure regular expression, exploitable remotely to exhaust CPU. Public details confirm vulnerable versions include cookiejar before 2.1.4; affected products includ...

7.5CVSS6.2AI score0.01546EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.5 views

CookieJar 安全漏洞

CookieJar is a simple and robust cookie library. A security vulnerability exists in CookieJar versions prior to 2.1.4, which stems from the use of insecure regular expressions in the Cookie.parse function...

7.5CVSS6.7AI score0.01546EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2022/11/28 2:39 p.m.10 views

192.168.0.172 (=4.6.1), 3nit-utils (>=0.13.0 <=1.0.2) +3322 more potentially affected by CVE-2022-25901 via cookiejar (>=2.0.1 <=2.1.2)

cookiejar NPM version =2.0.1, =0.13.0, =0.2.2, =1.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.16.0, =0.1.1, =1.0.0, =1.0.0, =1.1.2 and more Source cves: CVE-2022-25901 Source advisory: SNYK:JS-COOKIEJAR-3149984...

7.5CVSS6.7AI score0.01546EPSS
Exploits1
Snyk
Snyk
added 2022/11/28 2:39 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression. PoC js const CookieJar = require"cookiejar"; const jar = new CookieJar; const start = performance.now; const attack = "...

7.5CVSS6.8AI score0.01546EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/02/24 12:0 a.m.2 views

PT-2022-6259 · Cookiejar +1 · Cookiejar +1

Name of the Vulnerable Software and Affected Versions: cookiejar versions prior to 2.1.4 Description: The issue is related to the Cookie.parse function in the cookiejar package, which uses an insecure regular expression. This can lead to a Regular Expression Denial of Service ReDoS if untrusted...

7.5CVSS6.5AI score0.01546EPSS
Exploits1References24
Rows per page
Query Builder