NodeJS/tough-cookie/4.0.0

RFC6265 Cookies and Cookie Jar for node.js

https://www.npmjs.com/package/tough-cookie
BSD-3-Clause

1 Security Vulnerabilities

tough-cookie Prototype Pollution vulnerability

Published date: 2023-07-01T06:30:16Z
CVE: CVE-2023-26136
Links:

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Affected versions: ["4.1.2", "4.1.1", "4.1.0", "4.0.0", "3.0.1", "3.0.0", "2.5.0", "2.4.3", "2.4.2", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.0", "2.0.0", "1.2.0", "1.1.0", "1.0.0", "0.13.0", "0.12.1", "0.12.0", "0.11.0", "0.10.0", "0.9.15", "0.9.14", "0.9.13", "0.9.12", "0.9.11", "0.9.9", "0.9.8", "0.9.7", "0.9.6", "0.9.5", "0.9.4", "0.9.3", "0.9.1", "0.9.0"]
Secure versions: [4.1.3, 4.1.4, 5.0.0, 5.0.0-rc.0, 5.0.0-rc.1, 5.0.0-rc.2, 5.0.0-rc.3, 5.0.0-rc.4, 5.1.0, 5.1.0-rc.0, 5.1.1, 5.1.2, 6.0.0, 6.0.0-rc.0, 6.0.0-rc.1, 6.0.0-rc.2, 6.0.1]
Recommendation: Update to version 6.0.1.

58 Other Versions

Version License Security Released
6.0.1 BSD-3-Clause 2026-03-12 - 18:39 about 2 months
6.0.0 BSD-3-Clause 2025-08-14 - 19:56 9 months
6.0.0-rc.2 BSD-3-Clause 2025-08-04 - 16:53 9 months
6.0.0-rc.1 BSD-3-Clause 2025-07-24 - 14:54 9 months
6.0.0-rc.0 BSD-3-Clause 2025-05-02 - 13:50 12 months
5.1.2 BSD-3-Clause 2025-02-28 - 18:27 about 1 year
5.1.1 BSD-3-Clause 2025-02-07 - 17:32 about 1 year
5.1.0 BSD-3-Clause 2025-01-09 - 15:36 over 1 year
5.1.0-rc.0 BSD-3-Clause 2025-01-08 - 18:57 over 1 year
5.0.0 BSD-3-Clause 2024-09-09 - 16:40 over 1 year
5.0.0-rc.4 BSD-3-Clause 2024-07-19 - 17:42 almost 2 years
5.0.0-rc.3 BSD-3-Clause 2024-07-10 - 13:23 almost 2 years
5.0.0-rc.2 BSD-3-Clause 2024-05-16 - 20:03 almost 2 years
5.0.0-rc.1 BSD-3-Clause 2024-02-29 - 18:21 about 2 years
5.0.0-rc.0 BSD-3-Clause 2023-09-27 - 16:06 over 2 years
4.1.4 BSD-3-Clause 2024-04-29 - 14:11 about 2 years
4.1.3 BSD-3-Clause 2023-06-05 - 17:32 almost 3 years
4.1.2 BSD-3-Clause 1 2022-08-25 - 18:51 over 3 years
4.1.1 BSD-3-Clause 1 2022-08-24 - 19:38 over 3 years
4.1.0 BSD-3-Clause 1 2022-08-22 - 17:35 over 3 years
4.0.0 BSD-3-Clause 1 2020-03-19 - 19:20 about 6 years
3.0.1 BSD-3-Clause 1 2019-02-05 - 03:09 about 7 years
3.0.0 BSD-3-Clause 1 2019-01-08 - 19:52 over 7 years
2.5.0 BSD-3-Clause 1 2018-11-26 - 22:58 over 7 years
2.4.3 BSD-3-Clause 1 2018-06-25 - 20:56 almost 8 years
2.4.2 BSD-3-Clause 1 2018-06-04 - 23:05 almost 8 years
2.3.4 BSD-3-Clause 1 2018-02-26 - 22:29 about 8 years
2.3.3 BSD-3-Clause 1 2017-09-21 - 21:05 over 8 years
2.3.2 BSD-3-Clause 2 2016-10-25 - 17:07 over 9 years
2.3.1 BSD-3-Clause 2 2016-07-26 - 01:01 almost 10 years
2.3.0 BSD-3-Clause 2 2016-07-21 - 18:44 almost 10 years
2.2.2 BSD-3-Clause 4 2016-03-09 - 23:03 about 10 years
2.2.1 BSD-3-Clause 4 2015-11-13 - 01:52 over 10 years
2.2.0 BSD-3-Clause 4 2015-10-06 - 23:18 over 10 years
2.1.0 BSD-3-Clause 4 2015-10-02 - 17:49 over 10 years
2.0.0 BSD-3-Clause 4 2015-06-10 - 22:13 almost 11 years
1.2.0 BSD-3-Clause 4 2015-05-25 - 16:49 almost 11 years
1.1.0 BSD-3-Clause 4 2015-04-28 - 18:14 about 11 years
1.0.0 BSD-3-Clause 4 2015-04-28 - 01:38 about 11 years
0.13.0 BSD-3-Clause 4 2015-04-22 - 01:25 about 11 years
0.12.1 MIT 4 2014-01-16 - 18:26 over 12 years
0.12.0 MIT 4 2014-01-13 - 21:32 over 12 years
0.11.0 MIT 4 2014-01-13 - 18:21 over 12 years
0.10.0 MIT 4 2014-01-10 - 21:47 over 12 years
0.9.15 BSD-3-Clause 4 2013-01-25 - 17:35 over 13 years
0.9.14 BSD-3-Clause 4 2012-09-28 - 17:45 over 13 years
0.9.13 BSD-3-Clause 4 2012-05-08 - 16:21 almost 14 years
0.9.12 BSD-3-Clause 4 2012-04-25 - 16:48 about 14 years
0.9.11 BSD-3-Clause 4 2012-04-23 - 17:02 about 14 years
0.9.9 BSD-3-Clause 4 2012-04-17 - 02:38 about 14 years