Security Advisory

CVE-2023-26136

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-01 05:00:01

Last updated 2025-08-27 20:32:53

Assigner snyk

State PUBLISHED

Description

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

← Browse all CVEs View on cve.org ↗