tough-cookie is vulnerable to a regular expression denial of service (ReDoS) attack. The vulnerability exists because the COOKIE_PAIR regular expression used to parse cookies allows unbounded repetition when matching input characters. By supplying a large cookie string, an attacker can make the process hang, causing a denial of service condition.
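One way to extract the cookie pair without a backtracking regular expression, shown as an added example that is not tough-cookie's own code. The names `parseCookiePair` and `hasControlChars` and the 4096-character cap are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names; not tough-cookie's code).
// Extracts the leading "name=value" pair of a Set-Cookie string using only
// indexOf/slice/trim, so the work grows linearly with input length.

// Assumed cap: RFC 6265 asks user agents to support at least 4096 bytes per cookie.
const MAX_COOKIE_LENGTH = 4096;

// True if the string contains a control character (0x00-0x1F or 0x7F).
function hasControlChars(s) {
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c <= 0x1f || c === 0x7f) return true;
  }
  return false;
}

// Returns { name, value } for the first pair, or null if the input is
// oversized or malformed.
function parseCookiePair(header) {
  // Reject oversized input before doing any matching work at all.
  if (typeof header !== 'string' || header.length > MAX_COOKIE_LENGTH) {
    return null;
  }
  // Only the text before the first ';' is the cookie pair; the rest is attributes.
  const semi = header.indexOf(';');
  const pair = semi === -1 ? header : header.slice(0, semi);

  // Split on the first '='; a pair with no name is rejected.
  const eq = pair.indexOf('=');
  if (eq <= 0) return null;

  const name = pair.slice(0, eq).trim();
  const value = pair.slice(eq + 1).trim();
  if (name === '' || hasControlChars(name) || hasControlChars(value)) {
    return null;
  }
  return { name, value };
}

// Constructed sample inputs.
console.log(parseCookiePair('sid=abc123; Path=/; HttpOnly'));
console.log(parseCookiePair('a'.repeat(100000) + '=1'));
```

The length check runs first, so an oversized header is discarded in constant time regardless of its contents.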
CPE

Name | Operator | Version |
---|---|---|
tough-cookie | le | 2.2.1 |
tough-cookie | le | 2.3.2 |
tough-cookie | le | 2.3.2 |