CVE-2016-1000232

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-1000232

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000232.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-1000232

Aliases

GHSA-qhv9-728r-6jqg

Related

Published

2018-09-05T17:29:00Z

Modified

2024-05-30T00:51:57.322311Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

References

Affected packages

Git / github.com/salesforce/tough-cookie

Affected ranges

Type: GIT
Repo: https://github.com/salesforce/tough-cookie
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

615627206357d997d5e6ff9da158997de05235ae

Fixed

e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.12.1

v0.13.0

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.14

v0.9.15

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.1.0

v1.2.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.2.1

v2.2.2