Vulnerability — CVE-2023-26136

CVE-2023-26136

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-26136
Description:: Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Last updated date:: 06/21/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/08/2023
Reference url to background: https://github.com/salesforce/tough-cookie/issues/282

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/08/2023
Reference url to background: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873