Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-3buh-pfq7-9kf2
Summary
Regular Expression Denial of Service
The `tough-cookie` module is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the `-DHTTP_MAX_HEADER_SIZE=` option the default header max length is kb so the impact of the ReDoS is limited to around seconds of blocking.
Aliases
0
alias GMS-2017-210
Fixed_packages
0
url pkg:npm/tough-cookie@2.3.3
purl pkg:npm/tough-cookie@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.3
Affected_packages
0
url pkg:npm/tough-cookie@0.9.0
purl pkg:npm/tough-cookie@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.0
1
url pkg:npm/tough-cookie@0.9.1
purl pkg:npm/tough-cookie@0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.1
2
url pkg:npm/tough-cookie@0.9.3
purl pkg:npm/tough-cookie@0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.3
3
url pkg:npm/tough-cookie@0.9.4
purl pkg:npm/tough-cookie@0.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.4
4
url pkg:npm/tough-cookie@0.9.5
purl pkg:npm/tough-cookie@0.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.5
5
url pkg:npm/tough-cookie@0.9.6
purl pkg:npm/tough-cookie@0.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.6
6
url pkg:npm/tough-cookie@0.9.7
purl pkg:npm/tough-cookie@0.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.7
7
url pkg:npm/tough-cookie@0.9.8
purl pkg:npm/tough-cookie@0.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.8
8
url pkg:npm/tough-cookie@0.9.9
purl pkg:npm/tough-cookie@0.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.9
9
url pkg:npm/tough-cookie@0.9.11
purl pkg:npm/tough-cookie@0.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.11
10
url pkg:npm/tough-cookie@0.9.12
purl pkg:npm/tough-cookie@0.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.12
11
url pkg:npm/tough-cookie@0.9.13
purl pkg:npm/tough-cookie@0.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.13
12
url pkg:npm/tough-cookie@0.9.14
purl pkg:npm/tough-cookie@0.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.14
13
url pkg:npm/tough-cookie@0.9.15
purl pkg:npm/tough-cookie@0.9.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.15
14
url pkg:npm/tough-cookie@0.10.0
purl pkg:npm/tough-cookie@0.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.10.0
15
url pkg:npm/tough-cookie@0.11.0
purl pkg:npm/tough-cookie@0.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.11.0
16
url pkg:npm/tough-cookie@0.12.0
purl pkg:npm/tough-cookie@0.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.12.0
17
url pkg:npm/tough-cookie@0.12.1
purl pkg:npm/tough-cookie@0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.12.1
18
url pkg:npm/tough-cookie@0.13.0
purl pkg:npm/tough-cookie@0.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.13.0
19
url pkg:npm/tough-cookie@1.0.0
purl pkg:npm/tough-cookie@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.0.0
20
url pkg:npm/tough-cookie@1.1.0
purl pkg:npm/tough-cookie@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.1.0
21
url pkg:npm/tough-cookie@1.2.0
purl pkg:npm/tough-cookie@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.2.0
22
url pkg:npm/tough-cookie@2.0.0
purl pkg:npm/tough-cookie@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.0.0
23
url pkg:npm/tough-cookie@2.1.0
purl pkg:npm/tough-cookie@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.1.0
24
url pkg:npm/tough-cookie@2.2.0
purl pkg:npm/tough-cookie@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.0
25
url pkg:npm/tough-cookie@2.2.1
purl pkg:npm/tough-cookie@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.1
26
url pkg:npm/tough-cookie@2.2.2
purl pkg:npm/tough-cookie@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.2
27
url pkg:npm/tough-cookie@2.3.0
purl pkg:npm/tough-cookie@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.0
28
url pkg:npm/tough-cookie@2.3.1
purl pkg:npm/tough-cookie@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.1
29
url pkg:npm/tough-cookie@2.3.2
purl pkg:npm/tough-cookie@2.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.2
References
0
reference_url https://github.com/salesforce/tough-cookie/issues/92
reference_id
reference_type
scores
url https://github.com/salesforce/tough-cookie/issues/92
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-3buh-pfq7-9kf2