CVE-2023-26136

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 1, 2023

Updated: Jun 21, 2024

CWE ID 1321

Summary

CVE-2023-26136: A vulnerability affectting tough-cookie packages prior to version 4.1.3 has been identified. This issue allows for Prototype Pollution due to improper handling of Cookies in CookieJar when rejectPublicSuffixes is set to false. The flaw emerges from the way objects are initialized, potentially enabling attackers to manipulate and inject malicious code. Users are encouraged to update their packages to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Salesforce, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r1nGXz
https://www.cve.org/CVERecord?id=CVE-2023-26136
https://nvd.nist.gov/vuln/detail/CVE-2023-26136

Back to Vulnerability Database

CVE-2023-26136

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations