Package impact
npm / tough-cookie
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15010 | high | 7.5 | 7.5 | 9y ago | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie ma… | |||
| CVE-2023-26136 | unknown | — | — | 3y ago | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises … | |||
| CVE-2016-1000232 | unknown | — | — | 8y ago | ReDoS via long string of semicolons in tough-cookie |