Vulnerability Description
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
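The field validation described above can be illustrated with an added example, which is not code from the cookie package: a serializer that accepts any name is set beside one that restricts name, path, and domain before writing them into the header. The function names, the patterns (taken from the RFC 6265 grammar), and the sample input are assumptions made for this illustration.

```javascript
// Added example, not the cookie package's code. The patterns follow the
// RFC 6265 grammar and are this example's own assumption.
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // token: no separators, space or CTLs
const PATH_RE = /^[\x20-\x3A\x3C-\x7E]*$/;          // printable ASCII except ";"
const DOMAIN_RE =
  /^\.?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;

// Simplified stand-in for a serializer that does not restrict delimiters.
function looseSerialize(name, value) {
  return `${name}=${encodeURIComponent(value)}`;
}

// Hardened form: every field that is written unencoded is validated first.
function strictSerialize(name, value, opts = {}) {
  if (!NAME_RE.test(name)) throw new TypeError('invalid cookie name');
  let out = `${name}=${encodeURIComponent(value)}`;
  if (opts.domain !== undefined) {
    if (!DOMAIN_RE.test(opts.domain)) throw new TypeError('invalid domain');
    out += `; Domain=${opts.domain}`;
  }
  if (opts.path !== undefined) {
    if (!PATH_RE.test(opts.path)) throw new TypeError('invalid path');
    out += `; Path=${opts.path}`;
  }
  return out;
}

// Attribute names a client would read from a Set-Cookie header value.
function attributeNames(setCookie) {
  return setCookie.split(';').slice(1)
    .map((part) => part.trim().split('=')[0].toLowerCase());
}

// True when fn throws the TypeError raised by the validation above.
function rejects(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// Constructed input: a cookie name built from untrusted data that carries
// the ";" and "=" delimiters.
const untrustedName = 'pref; Path=/admin; x';
```

Applications that cannot upgrade immediately can apply the same kind of check to any name, path, or domain derived from request data before passing it to the serializer.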
References
- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c
- https://github.com/jshttp/cookie/pull/167
- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x
FAQ
What is CVE-2024-47764?
CVE-2024-47764 is a documented vulnerability. cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be ...
How severe is CVE-2024-47764?
CVSS scoring is not yet available for CVE-2024-47764. Check NVD for updates.
Is there a patch for CVE-2024-47764?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.