You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2023 26136
About this tag
CVE-2023-26136 is a prototype pollution vulnerability in the tough-cookie Node.js library maintained by Salesforce. The flaw affects all versions before 4.1.3 when a CookieJar is created with the option rejectPublicSuffixes=false. Attackers can craft cookie domains like Domain=proto to leak or modify properties on JavaScript's object prototype. The stable fix was released in version 4.1.3. This tag covers discussions about the vulnerability, its impact, and remediation steps for developers using tough-cookie in Node.js applications.
Salesforce’s widely used Node.js cookie library tough-cookie was found to contain a prototype pollution vulnerability (CVE‑2023‑26136) that affects every release before 4.1.3 when a CookieJar is created with the option rejectPublicSuffixes=false; the flaw allows specially crafted cookie domains...