Medium severity5.3NVD Advisory· Published Sep 5, 2018· Updated Jun 17, 2026
CVE-2016-1000232
CVE-2016-1000232
Description
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tough-cookienpm | < 2.3.0 | 2.3.0 |
Affected products
1Patches
Vulnerability mechanics
References
10- github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235aenvdPatchThird Party AdvisoryWEB
- github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534nvdPatchThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:2101nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:2912nvdThird Party AdvisoryWEB
- access.redhat.com/security/cve/cve-2016-1000232nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-qhv9-728r-6jqgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-1000232ghsaADVISORY
- www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/nvdThird Party Advisory
- www.npmjs.com/advisories/130nvdThird Party AdvisoryWEB
- www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232ghsaWEB
News mentions
0No linked articles in our index yet.