Published: 01/07/2023 Updated: 28/02/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Versions of the package tough-cookie prior to 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Vulnerable Product	Search on Vulmon	Subscribe to Product
salesforce tough-cookie

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...

Synopsis Moderate: Multicluster Engine for Kubernetes 232 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine for Kubernetes 232 General Availability release images,which contain security updates and fix bugsRed Hat Product Security has rated this update as having a security impactof Moderat ...

Synopsis Moderate: Logging Subsystem 573 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Logging Subsystem 573 Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

Synopsis Moderate: Red Hat Advanced Cluster Management 282 security and bug fix updates Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 282 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a security i ...

Synopsis Important: Logging Subsystem 5612 - Red Hat OpenShift security update Type/Severity Security Advisory: Important Topic Logging Subsystem 5612 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7413 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...

Synopsis Moderate: Migration Toolkit for Containers (MTC) 182 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 182 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

DescriptionThe MITRE CVE dictionary describes this issue as: Versions of the package tough-cookie before 413 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode This issue arises from the manner in which the objects are initialized ...

MATLAB language server MATLAB® language server implements the Microsoft® Language Server Protocol for the MATLAB language MATLAB language server requires MATLAB version R2021a or later Features Implemented MATLAB language server implements several Language Server Protocol features and their related services: Code diagnostics — publishDiagnostics Quick fixes &m

Researching on the vulnrability CVE-2023-26136

SealSecurityAssignment Researching on the vulnrability CVE-2023-26136 Research on Vulnerability: CVE-2023-26136 Description: Versions of the package tough-cookie before 413 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode This issue arises from the manner in which the objects are initialized ht

CWE-1321 https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 https://github.com/salesforce/tough-cookie/issues/282 https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3 https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:5484 https://github.com/CUCUMBERanOrSNCompany/SealSecurityAssignment https://access.redhat.com/security/cve/cve-2023-26136

Get Started

CVE-2023-26136

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect