Candidate: CVE-2017-15010
PublicDate: 2017-10-04 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
 https://github.com/salesforce/tough-cookie/issues/92
 https://nodesecurity.io/advisories/525
 https://snyk.io/vuln/npm:tough-cookie:20170905
Description:
 A ReDoS (regular expression denial of service) flaw was found in the
 tough-cookie module before 2.3.3 for Node.js. An attacker that is able to
 make an HTTP request using a specially crafted cookie may cause the
 application to consume an excessive amount of CPU.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_node-tough-cookie:
upstream_node-tough-cookie: released (2.3.4+dfsg-1)
precise/esm_node-tough-cookie: DNE
trusty_node-tough-cookie: DNE
trusty/esm_node-tough-cookie: DNE
vivid/ubuntu-core_node-tough-cookie: DNE
xenial_node-tough-cookie: DNE
zesty_node-tough-cookie: DNE
artful_node-tough-cookie: ignored (reached end-of-life)
bionic_node-tough-cookie: needed
cosmic_node-tough-cookie: not-affected (2.3.4+dfsg-1)
disco_node-tough-cookie: not-affected (2.3.4+dfsg-1)
eoan_node-tough-cookie: not-affected (2.3.4+dfsg-1)
focal_node-tough-cookie: not-affected (2.3.4+dfsg-1)
groovy_node-tough-cookie: not-affected (2.3.4+dfsg-1)
hirsute_node-tough-cookie: not-affected (2.3.4+dfsg-1)
impish_node-tough-cookie: not-affected (2.3.4+dfsg-1)
jammy_node-tough-cookie: not-affected (2.3.4+dfsg-1)
devel_node-tough-cookie: not-affected (2.3.4+dfsg-1)