Overview
Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header.
Remediation
Update to version 2.3.0 or later.
Have content suggestions? Send them to [email protected]
Advisory timeline
published
Advisory publishedJul 22nd, 2016reported
Initial report by David KirchnerJul 22nd, 2016
