First published: Thu Sep 21 2017(Updated: )
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tough-cookie | <2.3.3 | 2.3.3 |
Salesforce Tough-cookie | <=2.3.2 | |
npm/tough-cookie | <2.3.3 | 2.3.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.