Skip to content

Dependabot Alert #8 - tough-cookie is vulnerable #609

New issue
New issue
Open
Open
Dependabot Alert #8 - tough-cookie is vulnerable#609
Labels
O&M TaskPriority: MediumScope: SecurityTrellaction
@jwj019

Description

@jwj019
jwj019
opened on Sep 19, 2023

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Dependabot Alert Link

Metadata

Metadata

Assignees

No one assigned

    Labels

    O&M TaskPriority: MediumScope: SecurityTrellaction

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions