You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
tough cookie
About this tag
The tough-cookie tag on WindowsForum.com covers discussions about the tough-cookie Node.js library, particularly the prototype pollution vulnerability CVE-2023-26136. This security flaw affects versions before 4.1.3 when CookieJar is created with rejectPublicSuffixes=false, allowing specially crafted cookie domains to modify JavaScript object prototypes. The fix was released in version 4.1.3. Topics include vulnerability details, remediation steps, and updates related to this widely used Salesforce library. While the tag originates from a Node.js context, it is relevant to Windows and web developers managing cookie handling in JavaScript applications.
Salesforce’s widely used Node.js cookie library tough-cookie was found to contain a prototype pollution vulnerability (CVE‑2023‑26136) that affects every release before 4.1.3 when a CookieJar is created with the option rejectPublicSuffixes=false; the flaw allows specially crafted cookie domains...