ReDoS via long string of semicolons in tough-cookie
Moderate severity
GitHub Reviewed
Published
Oct 10, 2018
to the GitHub Advisory Database
•
Updated Apr 11, 2023
Description
Published to the GitHub Advisory Database
Oct 10, 2018
Reviewed
Jun 16, 2020
Last updated
Apr 11, 2023
Affected versions of
tough-cookie
may be vulnerable to regular expression denial of service when long strings of semicolons exist in theSet-Cookie
header.Recommendation
Update to version 2.3.0 or later.
References