JavaScript · Tough-Cookie · CVE-2016-1000232
**Name of the Vulnerable Software and Affected Versions**
tough-cookie versions prior to 2.3.0
**Description**
The issue is a regular expression parsing vulnerability in tough-cookie's HTTP request Cookie header parsing that can result in denial of service (a ReDoS condition). It can be exploited via a custom HTTP header passed by the client, specifically when the `Set-Cookie` header contains long strings of semicolons.
**Recommendations**
Update to version 2.3.0 or later. As a temporary workaround, consider restricting the use of custom HTTP headers or limiting the length of strings in the `Set-Cookie` header to minimize the risk of exploitation.
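
One way to apply both recommendations, as an added example that is not code from tough-cookie or from this advisory: a check for versions prior to 2.3.0 and a linear-time guard that rejects over-long or semicolon-heavy `Set-Cookie` values before they reach the cookie parser. The function names and the two limits (4096 characters, runs of 4 semicolons) are assumptions chosen for illustration.

```javascript
const MAX_HEADER_LENGTH = 4096; // assumed cap on one Set-Cookie value
const MAX_SEMICOLON_RUN = 4;    // assumed cap on a run of ';' characters

// True when a tough-cookie version string is prior to 2.3.0, the fixed release.
function isAffectedVersion(version) {
  const s = String(version).trim().replace(/^v/, '');
  const dash = s.indexOf('-');
  const parts = (dash === -1 ? s : s.slice(0, dash)).split('.');
  if (parts.length !== 3 || !parts.every((p) => /^\d+$/.test(p))) {
    throw new TypeError('unrecognised version: ' + version);
  }
  const fixed = [2, 3, 0];
  for (let i = 0; i < 3; i++) {
    const n = Number(parts[i]);
    if (n !== fixed[i]) return n < fixed[i];
  }
  return dash !== -1; // 2.3.0 itself is fixed; a 2.3.0 pre-release sorts before it
}

// Linear scan with no regular expression, so the guard cannot backtrack.
// Spaces and tabs between semicolons do not reset the run (conservative choice).
function checkSetCookie(value) {
  if (typeof value !== 'string') return { ok: false, reason: 'not-a-string' };
  if (value.length > MAX_HEADER_LENGTH) return { ok: false, reason: 'too-long' };
  let run = 0;
  for (let i = 0; i < value.length; i++) {
    const c = value[i];
    if (c === ';') run++;
    else if (c !== ' ' && c !== '\t') run = 0;
    if (run > MAX_SEMICOLON_RUN) return { ok: false, reason: 'semicolon-run' };
  }
  return { ok: true, reason: null };
}

// Split header values into those to hand to the cookie parser and those to drop and log.
function filterSetCookieHeaders(values) {
  const accepted = [], rejected = [];
  for (const v of values) {
    const r = checkSetCookie(v);
    if (r.ok) accepted.push(v);
    else rejected.push({ reason: r.reason, length: String(v).length });
  }
  return { accepted, rejected };
}

// Constructed sample input: one ordinary cookie, one semicolon run, one oversized value.
const sampleHeaders = ['sid=abc123; Path=/; HttpOnly', 'x=1' + ';'.repeat(50), 'y=' + 'a'.repeat(5000)];
console.log(filterSetCookieHeaders(sampleHeaders));
console.log(isAffectedVersion('2.2.2'), isAffectedVersion('2.3.0'));
```

The guard is a stopgap for deployments that cannot upgrade yet; logging the rejected entries gives operations a signal that malformed headers are arriving.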