Kokorin Vsevolod

**Name of the Vulnerable Software and Affected Versions** tough-cookie versions prior to 4.1.3 **Description** The issue arises from improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode, leading to Prototype Pollution. This vulnerability is related to insufficient control over the modification of dynamically defined object characteristics, which can allow a remote attacker to execute arbitrary JavaScript code. **Recommendations** For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of CookieJar in `rejectPublicSuffixes=false` mode until a patch is available. Restrict access to the CookieJar module to minimize the risk of exploitation. Avoid using the `rejectPublicSuffixes` parameter in the affected CookieJar mode until the issue is resolved.