Severity: moderate

ReDoS via long string of semicolons

tough-cookie

Overview

Affected versions of tough-cookie may be vulnerable to regular expression denial of service (ReDoS) when a Set-Cookie header contains a long string of semicolons.

Remediation

Update to version 2.3.0 or later.
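
To confirm the remediation has taken effect across a dependency tree, the sketch below lists every tough-cookie copy in a parsed npm lockfile that is older than 2.3.0, including copies nested under other packages. It is an added example, not code from the advisory or from tough-cookie; the sample lockfiles and the package names demo-app and some-http-client are constructed for illustration.

```javascript
const FIXED = [2, 3, 0]; // fixed release named in the Remediation section
// True when `version` sorts below 2.3.0 (a prerelease of 2.3.0 counts as below).
function needsUpdate(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true; // unparseable: report for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]);
}

// Collect every tough-cookie copy below the fixed release from a parsed lockfile:
// flat "packages" map (lockfileVersion 2/3) or nested "dependencies" tree (version 1).
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/tough-cookie') && needsUpdate(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === 'tough-cookie' && needsUpdate(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (package names other than tough-cookie are made up).
const SAMPLE_V3 = { packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/tough-cookie': { version: '2.3.0' },
  'node_modules/some-http-client/node_modules/tough-cookie': { version: '2.2.2' },
} };
const SAMPLE_V1 = { dependencies: {
  'tough-cookie': { version: '2.3.1' },
  'some-http-client': { version: '1.0.0', dependencies: { 'tough-cookie': { version: '2.2.2' } } },
} };
console.log(findAffected(SAMPLE_V3), findAffected(SAMPLE_V1));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffected; an empty result means no copy below 2.3.0 remains in the tree.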

Advisory timeline

  1. Published: advisory published, Jul 22nd, 2016
  2. Reported: Jul 22nd, 2016