tough-cookie — CVE history (npm)

tough-cookie

3 CVEs affect the tough-cookie npm package (highest CVSS 7.5). Latest disclosed: 2023-07-01. Full CVE history sourced from NVD.

Summary

Package: tough-cookie (npm)
Total CVEs: 3
Actively exploited (CISA KEV): 0
Highest CVSS: 7.5
Latest disclosed: 2023-07-01

Recent CVEs (top 3)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-26136 | Medium | 6.5 | | 2023-07-01 | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. |
| CVE-2016-1000232 | Medium | 5.3 | | 2018-09-05 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. |
| CVE-2017-15010 | High | 7.5 | | 2017-10-04 | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. |

All-time worst (top 3 by CVSS)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2017-15010 | High | 7.5 | | 2017-10-04 | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. |
| CVE-2023-26136 | Medium | 6.5 | | 2023-07-01 | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. |
| CVE-2016-1000232 | Medium | 5.3 | | 2018-09-05 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. |