CVE-2024-47764
Unexpected Cookie Value vulnerability in cookie (npm)
What is CVE-2024-47764 About?
This vulnerability allows manipulation of cookie fields because the cookie name (and likewise the path and domain options) is not sufficiently validated before serialization. An attacker who controls one of those inputs can embed attribute separators in it and alter other security-sensitive fields of the resulting Set-Cookie header, producing unexpected cookie values. Exploitation is straightforward, since it relies only on input manipulation.
Affected Software
Technical Details
The vulnerability arises in the serialize function, where the cookie name, path and domain are not sufficiently validated: the pre-0.7.0 check accepted any printable character, including the field separators ';' and '='. If a string containing separators and cookie attributes (for example 'Max-Age') is passed as the cookie name, those fragments are emitted verbatim into the Set-Cookie header and the receiver parses them as legitimate attributes. For example, serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value) produces the header userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=value: the browser stores a cookie named userName holding the script payload with a 30-day Max-Age, while the value the caller intended ends up in a throwaway cookie named a. The same escape works through the path and domain options, so an attacker who controls any of these three inputs can inject arbitrary attributes into the cookie and bypass the attribute assignments the application intended. Version 0.7.0 narrows the validation to match RFC 6265, rejecting separators in the name, path and domain.
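As an added example (my own model, not the jshttp/cookie package's source), the following JavaScript reproduces the behaviour described above with a minimal serialize that applies a permissive character check, then shows the narrowed RFC 6265 token-based check that 0.7.0 introduced, and parses the resulting header the way a receiver would. The regular expressions, the parseSetCookie helper and the attacker.example domain are assumptions for illustration.

```javascript
// Added example, not code from the jshttp/cookie package: a minimal model of
// serialize() before and after the 0.7.0 fix for CVE-2024-47764. The regexes
// below approximate the library's old and new checks; they are assumptions,
// not copies of its source.

// Pre-0.7.0 (assumed): one permissive check is applied to name, path and
// domain. It accepts ';' and '=', so a crafted name can smuggle whole
// attributes, or a second cookie, into the Set-Cookie header.
const lenientFieldRe = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;

function serializeVulnerable(name, value, opts = {}) {
  if (!lenientFieldRe.test(name)) throw new TypeError("argument name is invalid");
  let str = name + "=" + encodeURIComponent(value);
  if (opts.path) {
    if (!lenientFieldRe.test(opts.path)) throw new TypeError("option path is invalid");
    str += "; Path=" + opts.path;
  }
  if (opts.domain) {
    if (!lenientFieldRe.test(opts.domain)) throw new TypeError("option domain is invalid");
    str += "; Domain=" + opts.domain;
  }
  if (opts.httpOnly) str += "; HttpOnly";
  return str;
}

// Hardened (modelled on the 0.7.0 change, which narrows validation to RFC 6265):
// the name must be a "token" (no whitespace, separators, '=' or ';'), and path
// and domain must be printable ASCII without ';', the attribute delimiter.
const tokenRe = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const attrValueRe = /^[\u0020-\u003a\u003c-\u007e]*$/;

function serializeHardened(name, value, opts = {}) {
  if (!tokenRe.test(name)) throw new TypeError("argument name is invalid");
  let str = name + "=" + encodeURIComponent(value);
  if (opts.path) {
    if (!attrValueRe.test(opts.path)) throw new TypeError("option path is invalid");
    str += "; Path=" + opts.path;
  }
  if (opts.domain) {
    if (!attrValueRe.test(opts.domain)) throw new TypeError("option domain is invalid");
    str += "; Domain=" + opts.domain;
  }
  if (opts.httpOnly) str += "; HttpOnly";
  return str;
}

// How a receiver reads the header (simplified RFC 6265 section 5.2): the first
// ';'-separated segment is the cookie name/value pair, the rest are attributes.
// This is what turns the crafted name into a cookie called userName.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1);
  const attributes = {};
  for (const attr of rest) {
    const i = attr.indexOf("=");
    if (i === -1) attributes[attr.toLowerCase()] = true;
    else attributes[attr.slice(0, i).toLowerCase()] = attr.slice(i + 1);
  }
  return { name, value, attributes };
}

// The advisory's crafted name, plus a path-based variant of the same escape
// (constructed sample input; attacker.example is a placeholder domain).
const craftedName = "userName=<script>alert('XSS3')</script>; Max-Age=2592000; a";
const craftedPath = "/; Domain=attacker.example";

// True when the hardened serializer refuses the input with a TypeError.
function hardenedRejects(name, value, opts) {
  try {
    serializeHardened(name, value, opts);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

const header = serializeVulnerable(craftedName, "test");
console.log("vulnerable header:", header);
console.log("receiver sees    :", parseSetCookie(header));
console.log("path escape      :", serializeVulnerable("sid", "abc", { path: craftedPath }));
console.log("hardened rejects :", hardenedRejects(craftedName, "test"), hardenedRejects("sid", "abc", { path: craftedPath }));
console.log("hardened normal  :", serializeHardened("userName", "test", { path: "/", httpOnly: true }));
```

The parse step is the point: the serializer never "sets" userName, it merely concatenates strings, and it is the browser's attribute splitting on ';' that hands the attacker control of the cookie name, its value and its Max-Age. The hardened check refuses the input up front rather than trying to escape it, which is also what the upstream fix does.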
What is the Impact of CVE-2024-47764?
Successful exploitation lets an attacker who influences the cookie name, path or domain inject additional attributes, or entire additional cookies, into the Set-Cookie header. That can override a cookie's value, change its Path or Domain scope so it is sent to other paths or hosts, or plant a payload that becomes cross-site scripting (XSS) if the application later reflects cookie values without escaping. Depending on how the application relies on the affected cookies, this can lead to session hijacking or other client-side attacks.
What is the Exploitability of CVE-2024-47764?
Exploitation is of low complexity and requires no authentication or special privileges: an attacker submits crafted input remotely to an application that passes it to the affected serialize function. The prerequisite is that the application uses a vulnerable version of cookie and lets user-controlled data reach the cookie name, path or domain arguments. The risk is highest where such data is used directly, without sanitization; applications that only ever pass hard-coded names, paths and domains are not reachable through this bug, though upgrading is still advised.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-47764?
Available Upgrade Options
- cookie
- <0.7.0 → Upgrade to 0.7.0
Additional Resources
- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x
- https://github.com/jshttp/cookie/pull/167
- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c
- https://github.com/jshttp/cookie
- https://osv.dev/vulnerability/GHSA-pxg6-pf52-xh8x
What are Similar Vulnerabilities to CVE-2024-47764?
Similar Vulnerabilities: CVE-2023-45803, CVE-2022-24765, CVE-2021-3807, CVE-2020-13757, CVE-2019-17482
