Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in dependent package tough-cookie@2.5.0 #90

Open
dvorakd opened this issue Feb 20, 2024 · 0 comments
Open

Vulnerability in dependent package tough-cookie@2.5.0 #90

dvorakd opened this issue Feb 20, 2024 · 0 comments

Comments

@dvorakd
Copy link

dvorakd commented Feb 20, 2024

Security scans are reporting critical vulnerability with the package tough-cookie@2.5.0 which is a dependency of request@2.88.2.

CVE CVE-2023-26136
SEVERITY critical
CVSS 9.80
PACKAGE tough-cookie
VERSION 2.5.0
STATUS fixed in 4.1.3
PUBLISHED > 7 months
DISCOVERED < 1 hour
DESCRIPTION Versions of the package tough-cookie
before 4.1.3 are vulnerable to Prototype
Pollution due to improper handling of
Cookies when using CookieJar in re...
TRIGGERED FAILURE Yes

Thanks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dvorakd