[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-26136":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":111,"duplicate_of":9,"upstream":113,"downstream":114,"duplicates":131,"related":132,"reserved_at":9,"published_at":139,"modified_at":140,"state":141,"summary":142,"references_raw":150,"kevs":213,"epss":214,"epss_history":217,"metrics":472,"affected":486},"CVE-2023-26136","Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],[94,103],{"_key":95,"name":96,"source":97,"url":98,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":102,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_SALESFORCE_TOUGH-COOKIE","Tough Cookie","github","https://github.com/salesforce/tough-cookie/issues/282","poc",0.3,false,[],{"_key":104,"name":105,"source":106,"url":107,"maturity":108,"reliability_score":109,"verified":101,"type":9,"platforms":110,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_B37044345ACF3793","Exploit Reference (security.snyk.io)","reference","https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873","unknown",0.2,[],[112],"GHSA-72xf-g2v4-qvf3",[],[115,117,119,121,123,125,127,129],{"_key":116},"UBUNTU-CVE-2023-26136",{"_key":118},"DLA-3488-1",{"_key":120},"MGASA-2024-0080",{"_key":122},"MGASA-2025-0194",{"_key":124},"DEBIAN-CVE-2023-26136",{"_key":126},"RHSA-2023:5484",{"_key":128},"RHSA-2023:5485",{"_key":130},"RHSA-2023:5486",[],[133,134,135,137],{"_key":120},{"_key":122},{"_key":136},"CGA-HF6Q-478M-MM8P",{"_key":138},"CGA-W2VF-2FV3-C8F9","2023-07-01T05:00:01.115Z","2025-08-27T20:32:53.151Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":143,"epss_score":144,"severity":145,"severity_score":146,"severity_version":147,"severity_source":148,"severity_vector":149,"severity_status":141},"low",0.06248,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[151,160,165,170,175,179,183,187,191,196,201,205,209],{"url":107,"sources":152,"tags":155},[153,148,154],"cve.org","osv_npm",[156,157,158,159],"Exploit","Technical Description","Third Party Advisory","WEB",{"url":98,"sources":161,"tags":162},[153,148,154],[156,163,164,159],"Issue Tracking","Vendor Advisory",{"url":166,"sources":167,"tags":168},"https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e",[153,148,154],[169,159],"Patch",{"url":171,"sources":172,"tags":173},"https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3",[153,148,154],[174,159],"Release Notes",{"url":176,"sources":177,"tags":178},"https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html",[153,148,154],[159],{"url":180,"sources":181,"tags":182},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/",[153,148],[],{"url":184,"sources":185,"tags":186},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/",[153,148],[],{"url":188,"sources":189,"tags":190},"https://security.netapp.com/advisory/ntap-20240621-0006/",[153,148],[],{"url":192,"sources":193,"tags":194},"https://nvd.nist.gov/vuln/detail/CVE-2023-26136",[154],[195],"Advisory",{"url":197,"sources":198,"tags":199},"https://github.com/salesforce/tough-cookie",[154],[200],"PACKAGE",{"url":202,"sources":203,"tags":204},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2",[154],[159],{"url":206,"sources":207,"tags":208},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ",[154],[159],{"url":210,"sources":211,"tags":212},"https://security.netapp.com/advisory/ntap-20240621-0006",[154],[159],[],{"date":215,"score":144,"percentile":216},"2026-06-04",0.91065,[218,222,224,227,230,233,236,239,242,244,247,250,253,256,259,263,266,269,272,274,277,279,282,285,287,290,293,295,298,301,304,307,309,311,313,315,318,321,324,327,329,332,335,338,341,344,348,351,354,357,360,363,366,368,371,373,375,377,380,383,386,389,392,395,398,401,404,407,410,413,416,419,422,425,428,431,433,436,439,442,445,447,450,453,456,459,462,465,467,469],{"date":219,"score":220,"percentile":221},"2025-11-04",0.06872,0.90956,{"date":223,"score":220,"percentile":221},"2025-11-05",{"date":225,"score":220,"percentile":226},"2025-11-06",0.90958,{"date":228,"score":220,"percentile":229},"2025-11-07",0.90965,{"date":231,"score":220,"percentile":232},"2025-11-08",0.90964,{"date":234,"score":220,"percentile":235},"2025-11-09",0.90962,{"date":237,"score":220,"percentile":238},"2025-11-10",0.90963,{"date":240,"score":220,"percentile":241},"2025-11-11",0.90961,{"date":243,"score":220,"percentile":229},"2025-11-12",{"date":245,"score":220,"percentile":246},"2025-11-13",0.90968,{"date":248,"score":220,"percentile":249},"2025-11-14",0.9097,{"date":251,"score":220,"percentile":252},"2025-11-15",0.90967,{"date":254,"score":220,"percentile":255},"2025-11-16",0.90973,{"date":257,"score":220,"percentile":258},"2025-11-17",0.90971,{"date":260,"score":261,"percentile":262},"2025-11-18",0.22519,0.9546,{"date":264,"score":261,"percentile":265},"2025-11-19",0.95461,{"date":267,"score":261,"percentile":268},"2025-11-20",0.95464,{"date":270,"score":220,"percentile":271},"2025-11-21",0.90977,{"date":273,"score":220,"percentile":271},"2025-11-22",{"date":275,"score":220,"percentile":276},"2025-11-23",0.9098,{"date":278,"score":220,"percentile":276},"2025-11-24",{"date":280,"score":220,"percentile":281},"2025-11-25",0.90983,{"date":283,"score":220,"percentile":284},"2025-11-26",0.90981,{"date":286,"score":220,"percentile":284},"2025-11-27",{"date":288,"score":220,"percentile":289},"2025-11-28",0.90972,{"date":291,"score":220,"percentile":292},"2025-11-29",0.91007,{"date":294,"score":220,"percentile":292},"2025-11-30",{"date":296,"score":220,"percentile":297},"2025-12-01",0.91058,{"date":299,"score":220,"percentile":300},"2025-12-02",0.91056,{"date":302,"score":220,"percentile":303},"2025-12-03",0.91057,{"date":305,"score":220,"percentile":306},"2025-12-04",0.91003,{"date":308,"score":220,"percentile":292},"2025-12-05",{"date":310,"score":220,"percentile":292},"2025-12-06",{"date":312,"score":220,"percentile":306},"2025-12-07",{"date":314,"score":220,"percentile":306},"2025-12-08",{"date":316,"score":220,"percentile":317},"2025-12-09",0.91006,{"date":319,"score":220,"percentile":320},"2025-12-10",0.91012,{"date":322,"score":220,"percentile":323},"2025-12-11",0.91019,{"date":325,"score":220,"percentile":326},"2025-12-12",0.91022,{"date":328,"score":220,"percentile":320},"2025-12-13",{"date":330,"score":220,"percentile":331},"2025-12-14",0.91011,{"date":333,"score":220,"percentile":334},"2025-12-15",0.91014,{"date":336,"score":220,"percentile":337},"2025-12-16",0.91023,{"date":339,"score":220,"percentile":340},"2025-12-17",0.91032,{"date":342,"score":220,"percentile":343},"2025-12-18",0.91035,{"date":345,"score":346,"percentile":347},"2025-12-19",0.06371,0.90654,{"date":349,"score":346,"percentile":350},"2025-12-20",0.90653,{"date":352,"score":220,"percentile":353},"2025-12-21",0.91046,{"date":355,"score":220,"percentile":356},"2025-12-22",0.91042,{"date":358,"score":220,"percentile":359},"2025-12-23",0.91052,{"date":361,"score":220,"percentile":362},"2025-12-24",0.91059,{"date":364,"score":220,"percentile":365},"2025-12-25",0.9106,{"date":367,"score":220,"percentile":297},"2025-12-26",{"date":369,"score":220,"percentile":370},"2025-12-27",0.91105,{"date":372,"score":220,"percentile":300},"2025-12-28",{"date":374,"score":220,"percentile":359},"2025-12-29",{"date":376,"score":220,"percentile":300},"2025-12-30",{"date":378,"score":220,"percentile":379},"2025-12-31",0.91066,{"date":381,"score":220,"percentile":382},"2026-01-01",0.91132,{"date":384,"score":220,"percentile":385},"2026-01-02",0.91127,{"date":387,"score":220,"percentile":388},"2026-01-03",0.91126,{"date":390,"score":220,"percentile":391},"2026-01-04",0.91079,{"date":393,"score":220,"percentile":394},"2026-01-05",0.91076,{"date":396,"score":220,"percentile":397},"2026-01-06",0.9108,{"date":399,"score":220,"percentile":400},"2026-01-07",0.91083,{"date":402,"score":220,"percentile":403},"2026-01-08",0.91086,{"date":405,"score":220,"percentile":406},"2026-01-09",0.91091,{"date":408,"score":220,"percentile":409},"2026-01-10",0.91095,{"date":411,"score":220,"percentile":412},"2026-01-11",0.91088,{"date":414,"score":220,"percentile":415},"2026-01-12",0.91089,{"date":417,"score":220,"percentile":418},"2026-01-13",0.91087,{"date":420,"score":220,"percentile":421},"2026-01-14",0.91098,{"date":423,"score":220,"percentile":424},"2026-01-15",0.91102,{"date":426,"score":220,"percentile":427},"2026-01-16",0.91106,{"date":429,"score":220,"percentile":430},"2026-01-17",0.91109,{"date":432,"score":220,"percentile":430},"2026-01-18",{"date":434,"score":220,"percentile":435},"2026-01-19",0.9111,{"date":437,"score":220,"percentile":438},"2026-01-20",0.91112,{"date":440,"score":220,"percentile":441},"2026-01-21",0.91115,{"date":443,"score":220,"percentile":444},"2026-01-22",0.91118,{"date":446,"score":220,"percentile":385},"2026-01-23",{"date":448,"score":220,"percentile":449},"2026-01-24",0.91135,{"date":451,"score":220,"percentile":452},"2026-01-25",0.91133,{"date":454,"score":220,"percentile":455},"2026-01-26",0.91136,{"date":457,"score":220,"percentile":458},"2026-01-27",0.91139,{"date":460,"score":220,"percentile":461},"2026-01-28",0.91144,{"date":463,"score":220,"percentile":464},"2026-01-29",0.91145,{"date":466,"score":220,"percentile":461},"2026-01-30",{"date":468,"score":220,"percentile":464},"2026-01-31",{"date":470,"score":220,"percentile":471},"2026-02-01",0.91198,[473,480,483],{"source":153,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":474,"cvss_v4_0":9},{"baseScore":475,"baseSeverity":476,"vectorString":477,"impactScore":478,"exploitabilityScore":479},6.5,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P",4.2,10,{"source":148,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":481,"cvss_v4_0":9},{"baseScore":146,"baseSeverity":482,"vectorString":149,"impactScore":146,"exploitabilityScore":479},"CRITICAL",{"source":154,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":484,"cvss_v4_0":9},{"baseScore":475,"baseSeverity":9,"vectorString":485,"impactScore":478,"exploitabilityScore":479},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",[487,498],{"ecosystem":488,"name":489,"vendor":488,"product":489,"cpe_part":9,"purl_type":490,"purl_namespace":9,"purl_name":489,"source":9,"versions":491},"Npm","tough-cookie","npm",[492],{"version":493,"is_range":494,"range_type":495,"version_start":9,"version_start_type":9,"version_end":496,"version_end_type":497,"fixed_in":9},"lt4_1_3",true,"semver","4.1.3","excluding",{"ecosystem":9,"name":489,"vendor":499,"product":489,"cpe_part":500,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":501},"salesforce","a",[502],{"version":503,"is_range":494,"range_type":504,"version_start":9,"version_start_type":9,"version_end":496,"version_end_type":497,"fixed_in":9},"lt4.1.3","cpe"]