Security vulnerability in tough-cookie through request

[holm]

tough-cookie has a ReDOS vulnerability that is fixed in 2.3.0. This repo depends on request, which has recently been updated to require the fixed version. See https://nodesecurity.io/advisories/130.

It would be great if this could be updated to support 2.74.0 of request and released.

[tbetbetbe]

ok, will do shortly

On 25 July 2016 at 20:58, Christian Holm notifications@github.com wrote:

tough-cookie has a ReDOS vulnerability that is fixed in 2.3.0. This repo
depends on request, which has recently been updated to require the fixed
version. See https://nodesecurity.io/advisories/130.

It would be great if this could be updated to support 2.74.0 of request
and released.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#90, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AI18FoRnMznZhc-YNOhIOd2wktiFalJjks5qZKUBgaJpZM4JUDKF
.

This email may be confidential or privileged. If you received this
communication by mistake, please don't forward it to anyone else (it may
contain confidential or privileged information), please erase all copies of
it, including all attachments, and please let the sender know it went to
the wrong person. Thanks.