VulnerableCode Package Details - pkg:deb/debian/node-tough-cookie@4.0.0-2%2Bdeb11u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-tough-cookie@4.0.0-2%2Bdeb11u1

purl	pkg:deb/debian/node-tough-cookie@4.0.0-2%2Bdeb11u1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-wjaq-7np6-z3bk	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.	CVE-2023-26136 GHSA-72xf-g2v4-qvf3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T21:39:37.996443+00:00	Debian Oval Importer	Fixing	VCID-wjaq-7np6-z3bk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T21:18:28.410561+00:00	Debian Oval Importer	Fixing	VCID-wjaq-7np6-z3bk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:57:14.543542+00:00	Debian Oval Importer	Fixing	VCID-wjaq-7np6-z3bk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0