CVE-2023-26136

Published: 01 Jul 2023
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Cryostat 2 | tough-cookie | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | mta/mta-ui-rhel9 | Will not fix | | |
| Migration Toolkit for Runtimes | tough-cookie | Affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Will not fix | | |
| .NET 6.0 on Red Hat Enterprise Linux | rh-dotnet60-dotnet | Not affected | | |
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Affected | | |

Additional information

Status: Moderate
Defect: CWE-1321
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2219310 (tough-cookie: prototype pollution in cookie memstore)

EPSS: 0.05191 (percentile: 89%, Low)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 2 years ago

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

CVSS3: 6.5
nvd
almost 2 years ago

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

CVSS3: 6.5
debian
almost 2 years ago

Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...

CVSS3: 6.5
github
almost 2 years ago

tough-cookie Prototype Pollution vulnerability

CVSS3: 9.8
fstec
almost 2 years ago

Vulnerability in the Tough-cookie package of the Node.js software platform, allowing an attacker to execute arbitrary JavaScript code
