Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
References
Configurations
History
28 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jul 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jul 2023, 00:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1321 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:* | |
First Time |
Salesforce tough-cookie
Salesforce |
|
References | (MISC) https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 - Exploit, Technical Description, Third Party Advisory | |
References | (MISC) https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e - Patch | |
References | (MISC) https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3 - Release Notes | |
References | (MISC) https://github.com/salesforce/tough-cookie/issues/282 - Exploit, Issue Tracking, Vendor Advisory |
01 Jul 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-01 05:15
Updated : 2024-02-28 03:15
NVD link : CVE-2023-26136
Mitre link : CVE-2023-26136
CVE.ORG link : CVE-2023-26136
JSON object : View
Products Affected
salesforce
- tough-cookie
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')