Please upgrade the tough-cookie dependency as it is a security vulnerability.
The latest possible version that can be installed is 2.5.0 because of the following conflicting dependencies:
[email protected] requires tough-cookie@~2.5.0 via [email protected]
No patched version available for tough-cookie
The earliest fixed version is 4.1.3.
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
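A lockfile check for the situation this issue describes, as an added example that is not part of the original post or the project's code: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2/3 layout), follows Node's nested `node_modules` lookup, and reports each package whose `tough-cookie` requirement resolves to a copy older than 4.1.3. The sample lockfile and the package names `example-lib` and `example-http` are constructed, and only `dependencies` entries are inspected.

```javascript
// Added example (not from the issue): find tough-cookie copies older than the fix.
const FIXED = "4.1.3"; // earliest fixed version, as stated in the issue

// Constructed lockfile; "example-lib" and "example-http" are hypothetical packages.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { "example-lib": "^1.0.0", "tough-cookie": "^4.1.3" } },
    "node_modules/example-lib": { version: "1.0.0", dependencies: { "example-http": "^2.0.0" } },
    "node_modules/example-http": { version: "2.0.0", dependencies: { "tough-cookie": "~2.5.0" } },
    "node_modules/example-http/node_modules/tough-cookie": { version: "2.5.0" },
    "node_modules/tough-cookie": { version: "4.1.3" },
  },
};

// Numeric compare of x.y.z versions (prerelease suffixes are ignored).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Node-style lookup: try <dir>/node_modules/<name>, then each enclosing package.
function resolve(pkgs, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (pkgs[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf("node_modules/");
    dir = i <= 0 ? "" : dir.slice(0, i - 1);
  }
}

// Report every package whose tough-cookie requirement resolves below FIXED.
function auditToughCookie(lock) {
  const pkgs = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(pkgs)) {
    const range = (meta.dependencies || {})["tough-cookie"];
    const resolved = range ? resolve(pkgs, path, "tough-cookie") : null;
    if (!resolved || cmp(pkgs[resolved].version, FIXED) >= 0) continue;
    findings.push({ requiredBy: path || "(root)", range, resolved, version: pkgs[resolved].version });
  }
  return findings;
}

console.log(JSON.stringify(auditToughCookie(sampleLock), null, 2));
```

The `requiredBy` and `range` fields show which package pins the old copy, which is the conflict the issue reports for the `~2.5.0` requirement.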