Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/tough-cookie@1.2.0
Typenpm
Namespace
Nametough-cookie
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.3
Latest_non_vulnerable_version4.1.3
Affected_by_vulnerabilities
0
url VCID-3buh-pfq7-9kf2
vulnerability_id VCID-3buh-pfq7-9kf2
summary 
Regular Expression Denial of Service
The `tough-cookie` module is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the `-DHTTP_MAX_HEADER_SIZE=` option the default header max length is kb so the impact of the ReDoS is limited to around seconds of blocking.
references
0
reference_url https://github.com/salesforce/tough-cookie/issues/92
reference_id
reference_type
scores
url https://github.com/salesforce/tough-cookie/issues/92
fixed_packages
0
url pkg:npm/tough-cookie@2.3.3
purl pkg:npm/tough-cookie@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.3
aliases GMS-2017-210
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3buh-pfq7-9kf2
1
url VCID-am2z-v7gj-nqch
vulnerability_id VCID-am2z-v7gj-nqch
summary 
Uncontrolled Resource Consumption
An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2912
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2912
1
reference_url https://access.redhat.com/errata/RHSA-2017:2913
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2913
2
reference_url https://access.redhat.com/errata/RHSA-2018:1263
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1263
3
reference_url https://access.redhat.com/errata/RHSA-2018:1264
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1264
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15010
reference_id
reference_type
scores
0
value 0.03942
scoring_system epss
scoring_elements 0.88354
published_at 2026-04-18T12:55:00Z
1
value 0.03942
scoring_system epss
scoring_elements 0.8829
published_at 2026-04-01T12:55:00Z
2
value 0.03942
scoring_system epss
scoring_elements 0.88298
published_at 2026-04-02T12:55:00Z
3
value 0.03942
scoring_system epss
scoring_elements 0.88313
published_at 2026-04-04T12:55:00Z
4
value 0.03942
scoring_system epss
scoring_elements 0.88317
published_at 2026-04-07T12:55:00Z
5
value 0.03942
scoring_system epss
scoring_elements 0.88336
published_at 2026-04-08T12:55:00Z
6
value 0.03942
scoring_system epss
scoring_elements 0.88342
published_at 2026-04-09T12:55:00Z
7
value 0.03942
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-11T12:55:00Z
8
value 0.03942
scoring_system epss
scoring_elements 0.88344
published_at 2026-04-13T12:55:00Z
9
value 0.03942
scoring_system epss
scoring_elements 0.88358
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15010
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
9
reference_url https://github.com/salesforce/tough-cookie
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie
10
reference_url https://github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d
11
reference_url https://github.com/salesforce/tough-cookie/issues/92
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/issues/92
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
15
reference_url https://nodesecurity.io/advisories/525
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/525
16
reference_url https://snyk.io/vuln/npm:tough-cookie:20170905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:tough-cookie:20170905
17
reference_url https://www.npmjs.com/advisories/525
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/525
18
reference_url http://www.securityfocus.com/bid/101185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101185
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1493989
reference_id 1493989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1493989
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660
reference_id 877660
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
reference_id cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15010
reference_id CVE-2017-15010
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15010
fixed_packages
0
url pkg:npm/tough-cookie@2.3.3
purl pkg:npm/tough-cookie@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.3
aliases CVE-2017-15010, GHSA-g7q5-pjjr-gqvp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am2z-v7gj-nqch
2
url VCID-gcrq-1at1-bygq
vulnerability_id VCID-gcrq-1at1-bygq
summary 
Improper Input Validation
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:2101
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:2101
1
reference_url https://access.redhat.com/errata/RHSA-2017:2912
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2912
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000232.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000232.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000232
reference_id
reference_type
scores
0
value 0.00921
scoring_system epss
scoring_elements 0.75909
published_at 2026-04-01T12:55:00Z
1
value 0.00921
scoring_system epss
scoring_elements 0.76006
published_at 2026-04-18T12:55:00Z
2
value 0.00921
scoring_system epss
scoring_elements 0.76003
published_at 2026-04-16T12:55:00Z
3
value 0.00921
scoring_system epss
scoring_elements 0.75964
published_at 2026-04-13T12:55:00Z
4
value 0.00921
scoring_system epss
scoring_elements 0.75971
published_at 2026-04-12T12:55:00Z
5
value 0.00921
scoring_system epss
scoring_elements 0.75994
published_at 2026-04-11T12:55:00Z
6
value 0.00921
scoring_system epss
scoring_elements 0.7597
published_at 2026-04-09T12:55:00Z
7
value 0.00921
scoring_system epss
scoring_elements 0.75956
published_at 2026-04-08T12:55:00Z
8
value 0.00921
scoring_system epss
scoring_elements 0.75923
published_at 2026-04-07T12:55:00Z
9
value 0.00921
scoring_system epss
scoring_elements 0.75945
published_at 2026-04-04T12:55:00Z
10
value 0.00921
scoring_system epss
scoring_elements 0.75913
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000232
4
reference_url https://github.com/salesforce/tough-cookie
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie
5
reference_url https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae
6
reference_url https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
7
reference_url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232
8
reference_url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
reference_id
reference_type
scores
url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
9
reference_url https://www.npmjs.com/advisories/130
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/130
10
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/130.json
reference_id 130
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/130.json
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1359818
reference_id 1359818
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1359818
12
reference_url https://access.redhat.com/security/cve/cve-2016-1000232
reference_id CVE-2016-1000232
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2016-1000232
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000232
reference_id CVE-2016-1000232
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000232
14
reference_url https://github.com/advisories/GHSA-qhv9-728r-6jqg
reference_id GHSA-qhv9-728r-6jqg
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qhv9-728r-6jqg
fixed_packages
0
url pkg:npm/tough-cookie@2.3.0
purl pkg:npm/tough-cookie@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.0
aliases CVE-2016-1000232, GHSA-qhv9-728r-6jqg
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcrq-1at1-bygq
3
url VCID-wjaq-7np6-z3bk
vulnerability_id VCID-wjaq-7np6-z3bk
summary 
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26136
reference_id
reference_type
scores
0
value 0.06371
scoring_system epss
scoring_elements 0.91029
published_at 2026-04-18T12:55:00Z
1
value 0.06371
scoring_system epss
scoring_elements 0.91031
published_at 2026-04-16T12:55:00Z
2
value 0.06371
scoring_system epss
scoring_elements 0.90962
published_at 2026-04-02T12:55:00Z
3
value 0.06371
scoring_system epss
scoring_elements 0.91006
published_at 2026-04-13T12:55:00Z
4
value 0.06371
scoring_system epss
scoring_elements 0.91007
published_at 2026-04-12T12:55:00Z
5
value 0.06371
scoring_system epss
scoring_elements 0.90998
published_at 2026-04-09T12:55:00Z
6
value 0.06371
scoring_system epss
scoring_elements 0.90993
published_at 2026-04-08T12:55:00Z
7
value 0.06371
scoring_system epss
scoring_elements 0.90982
published_at 2026-04-07T12:55:00Z
8
value 0.06371
scoring_system epss
scoring_elements 0.90971
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26136
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136
3
reference_url https://github.com/salesforce/tough-cookie
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie
4
reference_url https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e
5
reference_url https://github.com/salesforce/tough-cookie/issues/282
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://github.com/salesforce/tough-cookie/issues/282
6
reference_url https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3
7
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
10
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
11
reference_url https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2219310
reference_id 2219310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2219310
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/
reference_id 3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/
reference_id 6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26136
reference_id CVE-2023-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26136
16
reference_url https://github.com/advisories/GHSA-72xf-g2v4-qvf3
reference_id GHSA-72xf-g2v4-qvf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72xf-g2v4-qvf3
17
reference_url https://access.redhat.com/errata/RHSA-2023:3998
reference_id RHSA-2023:3998
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3998
18
reference_url https://access.redhat.com/errata/RHSA-2023:5006
reference_id RHSA-2023:5006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5006
19
reference_url https://access.redhat.com/errata/RHSA-2023:5541
reference_id RHSA-2023:5541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5541
20
reference_url https://access.redhat.com/errata/RHSA-2023:5542
reference_id RHSA-2023:5542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5542
21
reference_url https://access.redhat.com/errata/RHSA-2023:7222
reference_id RHSA-2023:7222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7222
22
reference_url https://access.redhat.com/errata/RHSA-2024:8676
reference_id RHSA-2024:8676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8676
23
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
24
reference_url https://access.redhat.com/errata/RHSA-2025:0164
reference_id RHSA-2025:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0164
25
reference_url https://access.redhat.com/errata/RHSA-2025:0323
reference_id RHSA-2025:0323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0323
fixed_packages
0
url pkg:npm/tough-cookie@4.1.3
purl pkg:npm/tough-cookie@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@4.1.3
aliases CVE-2023-26136, GHSA-72xf-g2v4-qvf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjaq-7np6-z3bk
4
url VCID-z4vf-knv2-7qeb
vulnerability_id VCID-z4vf-knv2-7qeb
summary 
ReDoS via long string of semicolons
Tough-cookie contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.
references
0
reference_url https://github.com/SalesforceEng/tough-cookie/pull/68
reference_id
reference_type
scores
url https://github.com/SalesforceEng/tough-cookie/pull/68
fixed_packages
0
url pkg:npm/tough-cookie@2.3.0
purl pkg:npm/tough-cookie@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.0
aliases GMS-2016-49
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4vf-knv2-7qeb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.2.0