
David Kirchner

#47777 of 53,638
5.3 total CVSS
Vulnerabilities · 1
PT-2018-4631
5.3
2018-09-05
Javascript · Tough-Cookie · CVE-2016-1000232
**Name of the Vulnerable Software and Affected Versions**

tough-cookie versions prior to 2.3.0

**Description**

The issue is related to a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing, which can result in Denial of Service. This can be exploited via a custom HTTP header passed by the client, specifically when long strings of semicolons exist in the `Set-Cookie` header.

**Recommendations**

Update to version 2.3.0 or later. As a temporary workaround, consider restricting the use of custom HTTP headers or limiting the length of strings in the `Set-Cookie` header to minimize the risk of exploitation.