ReDoS Vulnerability in Tough-Cookie Module for Node.js
CVE-2017-15010

7.5HIGH

Key Information:

Vendor

Salesforce

Status
Tough-cookie
Vendor
CVE Published:
4 October 2017

What is CVE-2017-15010?

A vulnerability was discovered in the tough-cookie module for Node.js prior to version 2.3.3. This flaw can be exploited through specially crafted HTTP requests that include malicious cookies, which may lead to excessive CPU consumption and denial of service. Proper validation and sanitization of cookie data are essential to mitigate the risk associated with this vulnerability.

References

https://access.redhat.com/errata/RHSA-2017:2913
vendor-advisoryx_refsource_REDHAT
https://nodesecurity.io/advisories/525
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101185
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.