Salesforce Tough Cookie
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Salesforce Tough Cookie.
By the Year
In 2026 there have been 0 vulnerabilities in Salesforce Tough Cookie. Tough Cookie did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Tough Cookie vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Salesforce Tough Cookie Security Vulnerabilities
tough-cookie <4.1.3 Prototype Pollution via CookieJar rejectPublicSuffixes=false
CVE-2023-26136
9.8 - Critical
- July 01, 2023
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Prototype Pollution
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Salesforce Tough Cookie or by Salesforce? Click the Watch button to subscribe.
