4 matches found
GHSA-QJX8-664M-686J JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
Summary: js-cookie's internal `assign` helper copies properties with `for...in` + plain assignment. When the source object is produced by `JSON.parse`, the JSON object's `"__proto__"` member is an own enumerable property, so the `for...in` enumerates it and the `target[key] = source[key]` write triggers the...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mail.ru: CRLF Injection in 301 Redirect allow to Set-Cookies for mail.ru
CRLF injection in HTTP 301 reply on 1l-go.mail.ru...
Clip Bucket 1.7.1 - Insecure Cookie Handling
By Qabandi. From Kuwait, PEACE... iqaahotmail.fr ...