Ryu-Geonwoo

**Name of the Vulnerable Software and Affected Versions** Emmett versions prior to 1.3.11 **Description** The `cookies` property in `emmett core.http.wrappers.Request` does not handle `CookieError` exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. Sending cookies containing special characters such as `/(){} `can result in insufficient error handling and a server error. The vulnerable code is located in `emmett core/http/wrappers/ init .py` at line 64. The issue can lead to performance degradation and difficulty in using the service normally. **Recommendations** Update to Emmett version 1.3.11 or later.