Vulnerability	Vulnerable Version
M Prototype Pollution org.webjars.npm:tough-cookie is a RFC6265 Cookies and CookieJar module for Node.js. Affected versions of this package are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. Due to an issue with the manner in which the objects are initialized, an attacker can expose or modify a limited amount of property information on those objects. There is no impact to availability. How to fix Prototype Pollution? Upgrade `org.webjars.npm:tough-cookie` to version 4.1.3 or higher.	[,4.1.3)
M Regular Expression Denial of Service (ReDoS) `tough-cookie` is RFC6265 Cookies and Cookie Jar for node.js. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. An attacker may pass a specially crafted cookie, causing the server to hang. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade to version `2.3.3` or newer.	[,2.3.3)

Prototype Pollution

org.webjars.npm:tough-cookie is a RFC6265 Cookies and CookieJar module for Node.js.

Affected versions of this package are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Due to an issue with the manner in which the objects are initialized, an attacker can expose or modify a limited amount of property information on those objects. There is no impact to availability.

How to fix Prototype Pollution?

Upgrade org.webjars.npm:tough-cookie to version 4.1.3 or higher.

[,4.1.3)

Regular Expression Denial of Service (ReDoS)

tough-cookie is RFC6265 Cookies and Cookie Jar for node.js.

Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. An attacker may pass a specially crafted cookie, causing the server to hang.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade to version 2.3.3 or newer.

[,2.3.3)

Go back to all versions of this package