VulnerableCode Package Details - pkg:deb/debian/node-tough-cookie@2.3.4%2Bdfsg-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-tough-cookie@2.3.4%2Bdfsg-1

purl	pkg:deb/debian/node-tough-cookie@2.3.4%2Bdfsg-1

Next non-vulnerable version	4.0.0-2+deb11u1
Latest non-vulnerable version	4.0.0-2+deb11u1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-wjaq-7np6-z3bk Aliases: CVE-2023-26136 GHSA-72xf-g2v4-qvf3	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.	4.0.0-2+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T21:39:37.992499+00:00	Debian Oval Importer	Affected by	VCID-wjaq-7np6-z3bk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T21:18:28.406787+00:00	Debian Oval Importer	Affected by	VCID-wjaq-7np6-z3bk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:57:14.538213+00:00	Debian Oval Importer	Affected by	VCID-wjaq-7np6-z3bk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0