Lucene search
K

8 matches found

Veracode
Veracode
added 2023/07/11 7:35 a.m.45 views

Prototype Pollution

tough-cookie is vulnerable to Prototype Pollution. The vulnerability exists due to improper domain sanitization when using the CookieJar with rejectPublicSuffixes=false which allows an attacker to modify the base prototype, resulting in Prototype Pollution...

9.8CVSS7AI score0.02542EPSS
Exploits2References7Affected Software2
RedhatCVE
RedhatCVE
added 2023/07/06 5:57 a.m.120 views

CVE-2023-26136

A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

6.5CVSS8.8AI score0.02542EPSS
Exploits2References8
Github Security Blog
Github Security Blog
added 2023/07/01 6:30 a.m.526 views

tough-cookie Prototype Pollution vulnerability

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

9.8CVSS6.8AI score0.02542EPSS
Exploits2References10Affected Software1
OSV
OSV
added 2023/07/01 5:15 a.m.9 views

AZL-43684 CVE-2023-26136 affecting package js-jquery 3.5.0-4

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

9.8CVSS6.7AI score0.02542EPSS
Exploits2References1
NVD
NVD
added 2023/07/01 5:15 a.m.27 views

CVE-2023-26136

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

9.8CVSS7.9AI score0.02542EPSS
Exploits2References8
UbuntuCve
UbuntuCve
added 2023/07/01 5:15 a.m.413 views

CVE-2023-26136

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

9.8CVSS6.8AI score0.02542EPSS
Exploits2References3
CVE
CVE
added 2023/07/01 5:0 a.m.484 views

CVE-2023-26136

CVE-2023-26136 affects tough-cookie prior to 4.1.3. The issue is a Prototype Pollution vulnerability in CookieJar handling when rejectPublicSuffixes=false, arising from how objects are initialized. Impacted component: tough-cookie (node.js library). Reported root cause: improper object initializa...

9.8CVSS9.2AI score0.02542EPSS
Exploits2References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/01 5:0 a.m.15 views

CVE-2023-26136

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

6.5CVSS6.7AI score0.02542EPSS
Exploits2References8
Rows per page
Query Builder