Name of the Vulnerable Software and Affected Versions http.cookiejar (affected versions not specified)

Description The issue concerns the handling of cookies by the http.cookiejar module, specifically when using the DefaultCookiePolicy. Cookies set for a path, such as path=/any, are sent to unintended locations, like example.com/anybad/, due to a lack of proper prefix matching. The code fails to check for a slash as the first non-matching character in the path, leading to potential security issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.