tough-cookie — CVE history (npm)
tough-cookie
3 CVEs affect the tough-cookie npm package (highest CVSS 7.5). Latest disclosed: 2023-07-01. Full CVE history sourced from NVD.
Summary
- Package
tough-cookie(npm)- Total CVEs
3- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2023-07-01
Recent CVEs (top 3)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-26136 | Medium | 6.5 | — | 2023-07-01 | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. |
CVE-2016-1000232 | Medium | 5.3 | — | 2018-09-05 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. |
CVE-2017-15010 | High | 7.5 | — | 2017-10-04 | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. |
All-time worst (top 3 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2017-15010 | High | 7.5 | — | 2017-10-04 | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. |
CVE-2023-26136 | Medium | 6.5 | — | 2023-07-01 | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. |
CVE-2016-1000232 | Medium | 5.3 | — | 2018-09-05 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. |