VYPR
Moderate severityNVD Advisory· Published Jul 1, 2023· Updated Aug 27, 2025

CVE-2023-26136

CVE-2023-26136

Description

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tough-cookienpm
< 4.1.34.1.3

Affected products

3

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.