Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
https://security.netapp.com/advisory/ntap-20240621-0006/
https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html
https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3
https://github.com/salesforce/tough-cookie/issues/282
Published: 2023-07-01
Updated: 2024-06-21
Named Vulnerability: tough-cookie Prototype Pollution
CVSS v2 Base Score: 10
CVSS v2 Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v2 Severity: Critical
CVSS v3.0 Base Score: 9.8
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.0 Severity: Critical
EPSS: 0.05191
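
Added example (not part of the advisory or of the tough-cookie project): a lockfile audit that finds every installed copy of tough-cookie, including copies nested under other dependencies, and flags those before the fixed release 4.1.3. It assumes npm's lockfileVersion 2/3 "packages" layout; the sample lockfile and the package name legacy-http are constructed for illustration.

```javascript
// Fixed release, taken from the advisory text above.
const FIXED = "4.1.3";

// Parse the "major.minor.patch" core of a version string into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b (b has no prerelease tag).
function isBefore(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  // Same core version: a prerelease such as 4.1.3-rc.1 still precedes 4.1.3.
  return /^\d+\.\d+\.\d+-/.test(String(a));
}

// Walk the lockfile "packages" map and report every tough-cookie entry.
function findToughCookie(lock) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i === -1) continue; // root project or workspace entry
    // The package name is whatever follows the last "node_modules/".
    if (path.slice(i + marker.length) !== "tough-cookie") continue;
    hits.push({ path, version: meta.version,
                vulnerable: isBefore(meta.version, FIXED) });
  }
  return hits;
}

// Constructed sample lockfile; "legacy-http" is a hypothetical dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/tough-cookie": { version: "4.1.3" },
    "node_modules/legacy-http/node_modules/tough-cookie": { version: "2.5.0" },
    "node_modules/tough-cookie-helper": { version: "1.0.0" },
  },
};

for (const h of findToughCookie(sampleLock)) {
  console.log(`${h.vulnerable ? "UPGRADE" : "ok     "} ${h.version} ${h.path}`);
}
```

A flagged copy is exposed only where CookieJar runs in rejectPublicSuffixes=false mode, as the description states, but a lockfile cannot show how the package is used, so every hit before 4.1.3 should be treated as an upgrade candidate.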