High severity 7.5 · NVD Advisory · Published Oct 4, 2017 · Updated Jun 17, 2026
CVE-2017-15010
Description
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tough-cookie (npm) | < 2.3.3 | 2.3.3 |
References
- snyk.io/vuln/npm:tough-cookie:20170905 (nvd; Patch, Third Party Advisory, WEB)
- www.securityfocus.com/bid/101185 (nvd; Third Party Advisory, VDB Entry, WEB)
- access.redhat.com/errata/RHSA-2017:2912 (nvd; Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2017:2913 (nvd; Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1263 (nvd; Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1264 (nvd; Third Party Advisory, WEB)
- github.com/advisories/GHSA-g7q5-pjjr-gqvp (ghsa; ADVISORY)
- github.com/salesforce/tough-cookie/issues/92 (nvd; Issue Tracking, Vendor Advisory, WEB)
- nodesecurity.io/advisories/525 (nvd; Third Party Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-15010 (ghsa; ADVISORY)
- github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT (ghsa; WEB)
- www.npmjs.com/advisories/525 (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/ (nvd)