Описание
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Ссылки
- Patch
- ExploitIssue TrackingVendor Advisory
- Release Notes
- ExploitTechnical DescriptionThird Party Advisory
- Patch
- ExploitIssue TrackingVendor Advisory
- Release Notes
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...
Уязвимость пакета Tough-cookie программной платформы Node.js, позволяющая нарушителю выполнить произвольный код JavaScript
EPSS
6.5 Medium
CVSS3
9.8 Critical
CVSS3