Skip to content

cookie-0.4.0.tgz: 1 vulnerabilities (highest severity is: 6.9) [169] #12

Description

@renovate
📂 Vulnerable Library - cookie-0.4.0.tgz

HTTP server cookie parsing and serialization

Library home page: https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz

Path to dependency file: /remote/package.json

Findings

Finding Severity 🎯 CVSS Exploit Maturity EPSS Library Type Fixed in Remediation Available
CVE-2024-47764 🟠 Medium 6.9 Not Defined < 1% cookie-0.4.0.tgz Direct cookie - 0.7.0

Details

🟠CVE-2024-47764

Vulnerable Library - cookie-0.4.0.tgz

HTTP server cookie parsing and serialization

Library home page: https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz

Path to dependency file: /remote/package.json

Dependency Hierarchy:

  • cookie-0.4.0.tgz (Vulnerable Library)

Vulnerability Details

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.

Publish Date: Oct 04, 2024 07:09 PM

URL: CVE-2024-47764

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 6.9


Suggested Fix

Type: Upgrade version

Origin: GHSA-pxg6-pf52-xh8x

Release Date: Oct 04, 2024 07:09 PM

Fix Resolution : cookie - 0.7.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions