VulnerableCode Package Details - pkg:npm/tough-cookie@2.4.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/tough-cookie@2.4.2

Essentials
History (3)

purl	pkg:npm/tough-cookie@2.4.2

Next non-vulnerable version	4.1.3
Latest non-vulnerable version	4.1.3
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-wjaq-7np6-z3bk Aliases: CVE-2023-26136 GHSA-72xf-g2v4-qvf3	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.	4.1.3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:32:50.107794+00:00	GitLab Importer	Affected by	VCID-wjaq-7np6-z3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml	38.4.0
2026-04-11T23:51:43.237885+00:00	GitLab Importer	Affected by	VCID-wjaq-7np6-z3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml	38.3.0
2026-04-02T23:54:57.161151+00:00	GitLab Importer	Affected by	VCID-wjaq-7np6-z3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tough-cookie/CVE-2023-26136.yml	38.1.0