Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/tough-cookie@2.3.3
purl pkg:npm/tough-cookie@2.3.3
Next non-vulnerable version 4.1.3
Latest non-vulnerable version 4.1.3
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-wjaq-7np6-z3bk
Aliases:
CVE-2023-26136
GHSA-72xf-g2v4-qvf3
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
4.1.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-3buh-pfq7-9kf2 Regular Expression Denial of Service The `tough-cookie` module is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the `-DHTTP_MAX_HEADER_SIZE=` option the default header max length is kb so the impact of the ReDoS is limited to around seconds of blocking. GMS-2017-210
VCID-am2z-v7gj-nqch Uncontrolled Resource Consumption An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. CVE-2017-15010
GHSA-g7q5-pjjr-gqvp

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:32:50.101048+00:00 GitLab Importer Affected by VCID-wjaq-7np6-z3bk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml 38.4.0
2026-04-16T20:38:57.575469+00:00 GitLab Importer Fixing VCID-am2z-v7gj-nqch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml 38.4.0
2026-04-16T01:21:47.413776+00:00 GHSA Importer Fixing VCID-am2z-v7gj-nqch https://github.com/advisories/GHSA-g7q5-pjjr-gqvp 38.4.0
2026-04-11T23:51:43.230330+00:00 GitLab Importer Affected by VCID-wjaq-7np6-z3bk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml 38.3.0
2026-04-11T21:49:43.268931+00:00 GitLab Importer Fixing VCID-am2z-v7gj-nqch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml 38.3.0
2026-04-11T12:50:48.798093+00:00 GHSA Importer Fixing VCID-am2z-v7gj-nqch https://github.com/advisories/GHSA-g7q5-pjjr-gqvp 38.3.0
2026-04-02T23:54:57.151786+00:00 GitLab Importer Affected by VCID-wjaq-7np6-z3bk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml 38.1.0
2026-04-02T22:03:33.189068+00:00 GitLab Importer Fixing VCID-am2z-v7gj-nqch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml 38.1.0
2026-04-02T13:44:19.677621+00:00 GHSA Importer Fixing VCID-am2z-v7gj-nqch https://github.com/advisories/GHSA-g7q5-pjjr-gqvp 38.1.0
2026-04-01T15:56:34.173575+00:00 GHSA Importer Fixing VCID-am2z-v7gj-nqch https://github.com/advisories/GHSA-g7q5-pjjr-gqvp 38.0.0
2026-04-01T13:03:58.842199+00:00 GithubOSV Importer Fixing VCID-am2z-v7gj-nqch https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-g7q5-pjjr-gqvp/GHSA-g7q5-pjjr-gqvp.json 38.0.0
2026-04-01T12:47:23.094490+00:00 GitLab Importer Fixing VCID-am2z-v7gj-nqch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2017-15010.yml 38.0.0
2026-04-01T12:47:21.273748+00:00 GitLab Importer Fixing VCID-3buh-pfq7-9kf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/GMS-2017-210.yml 38.0.0