# N/A
## 概述
在 rejectPublicSuffixes=false 模式下使用 CookieJar 时,由于对 Cookies 的不当处理,tough-cookie 包的版本小于 4.1.3 存在原型污染漏洞。
## 影响版本
- tough-cookie < 4.1.3
## 细节
该漏洞源于对象初始化的方式。当拒绝对公共后缀进行处理时(即 rejectPublicSuffixes=false),tough-cookie 未能正确处理 Cookies,从而导致原型污染。
## 影响
攻击者可能通过污染原型对象的属性来修改程序行为,进而导致安全风险。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Researching on the vulnrability CVE-2023-26136 | https://github.com/CUCUMBERanOrSNCompany/SealSecurityAssignment | POC详情 |
| 2 | Fix open source package tough-cookie V 2.5.0 - CVE-2023-26136 rated as a critical vulnerability | https://github.com/ronmadar/Open-Source-Package | POC详情 |
| 3 | Fix open source package uses tough-cookie 2.5.0 to process their clients' cookies. Unfortunately, it is affected by CVE-2023-26136. | https://github.com/ronmadar/Open-Source-Package-Seal-Security | POC详情 |
| 4 | Fix open source package uses tough-cookie 2.5.0 - CVE-2023-26136, | https://github.com/ronmadar/Open-Source-Seal-Security | POC详情 |
| 5 | Fix prototype pollution vulnerability (CVE-2023-26136) for tough-cookie package | https://github.com/m-lito13/SealSecurity_Exam | POC详情 |
| 6 | CVE-2023-26136 vulnerability research | https://github.com/dani33339/tough-cookie-Seal-Security | POC详情 |
| 7 | CVE-2023-26136 vulnerability research | https://github.com/dani33339/tough-cookie-SealSecurity | POC详情 |
| 8 | This repository contains a solution for the CVE-2023-26136 vulnerability. | https://github.com/morrisel/CVE-2023-26136 | POC详情 |
| 9 | CVE-2023-26136 vulnerability research | https://github.com/dani33339/Tough-Cookie-v2.5.0-Patched | POC详情 |
| 10 | ecurity patch for CVE-2023-26136 in tough-cookie 2.5.0 - Prototype pollution vulnerability fix with backward compatibility | https://github.com/uriyahav/tough-cookie-2.5.0-cve-2023-26136-fix | POC详情 |
| 11 | None | https://github.com/guy2610/tough-cookie-patch-cve-2023-26136 | POC详情 |
暂无评论