Lucene search
K

6 matches found

GithubExploit
GithubExploit
added 2025/06/18 7:27 a.m.759 views

Exploit for Prototype Pollution in Salesforce Tough-Cookie

CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...

9.8CVSS7.1AI score0.02542EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/07/01 12:0 a.m.4 views

PT-2023-4738 · Unknown +2 · Tough-Cookie +2

Name of the Vulnerable Software and Affected Versions: tough-cookie versions prior to 4.1.3 Description: The issue arises from improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode, leading to Prototype Pollution. This vulnerability is related to insufficient contro...

10CVSS6.5AI score0.02542EPSS
Exploits2References42
OSV
OSV
added 2018/07/24 8:14 p.m.1 views

GHSA-G7Q5-PJJR-GQVP Regular Expression Denial of Service in tough-cookie

Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...

7.5CVSS6AI score0.03283EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2018/04/30 6:41 p.m.5 views

nodejs-tough-cookie: Regular expression denial of service

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...

7.5CVSS7.1AI score0.03283EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/10/18 4:46 p.m.3 views

nodejs-tough-cookie: Regular expression denial of service

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...

7.5CVSS7.1AI score0.03283EPSS
Exploits0References5
Node.js
Node.js
added 2016/07/22 7:43 p.m.78 views

ReDoS via long string of semicolons

Overview Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation Update to version 2.3.0 or later. References GitHub Advisory...

5CVSS5.1AI score0.02356EPSS
Exploits0Affected Software1
Rows per page
Query Builder