CVE-2023-26136
ADVISORY - githubSummary
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
EPSS Score: 0.06872 (0.910)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
ADVISORY - github
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
ADVISORY - gitlab
ADVISORY - redhat
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-26136
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-72xf-g2v4-qvf3
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2023-26136
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-26136
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-26136
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-hf6q-478m-mm8p
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-26136
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-