CVE-2024-47764

Publication date 4 October 2024

Last updated 9 October 2024

Ubuntu priority

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
node-cookie	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-47764
https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x
https://github.com/jshttp/cookie/pull/167
https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c (v0.7.0)
https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c