6 matches found
Exploit for Prototype Pollution in Salesforce Tough-Cookie
CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...
PT-2023-4738 · Unknown +2 · Tough-Cookie +2
Name of the Vulnerable Software and Affected Versions: tough-cookie versions prior to 4.1.3 Description: The issue arises from improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode, leading to Prototype Pollution. This vulnerability is related to insufficient contro...
GHSA-G7Q5-PJJR-GQVP Regular Expression Denial of Service in tough-cookie
Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...
nodejs-tough-cookie: Regular expression denial of service
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...
nodejs-tough-cookie: Regular expression denial of service
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...
ReDoS via long string of semicolons
Overview Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation Update to version 2.3.0 or later. References GitHub Advisory...