CVE-2023-26136
Summary
| CVE | CVE-2023-26136 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-01 05:15:00 UTC |
| Updated | 2023-11-07 04:09:00 UTC |
| Description | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Prototype Pollution in tough-cookie \| CVE-2023-26136 \| Snyk | MISC | security.snyk.io | |
| Security Risk · Issue #282 · salesforce/tough-cookie · GitHub | MISC | github.com | |
| Prevent prototype pollution in cookie memstore (#283) · salesforce/tough-cookie@12d4747 · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3488-1] node-tough-cookie security update | MISC | lists.debian.org | |
| Release 4.1.3 · salesforce/tough-cookie · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 242105 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 9 (RHSA-2023:5486)
- 242106 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 7 (RHSA-2023:5484)
- 242122 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 8 (RHSA-2023:5485)
- 284943 Fedora Security Update for yarnpkg (FEDORA-2024-5ecc250449)
- 284965 Fedora Security Update for yarnpkg (FEDORA-2024-28fc0c2ef4)
- 379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
- 6000121 Debian Security Update for node-tough-cookie (DLA 3488-1)