@preeternal/react-native-cookie-manager is vulnerable to Improper Cookie Domain Validation
59
Medium Risk
The library validates a cookie's domain against the request host using an unanchored substring check in the native Android and iOS implementations. Because the host or the cookie domain only needs to contain the other value as a substring, a cookie scoped to a domain such as example.com is accepted for unrelated hosts like notexample.com, and cookies can match hosts they do not belong to. This allows cookies to be set for or returned to unintended hosts, enabling cookie misuse across origins. The fix replaces the substring check with case-insensitive exact-host or parent-domain (dot-suffix) matching.
You are affected if you are using a version that falls within the vulnerable range and your application sets or reads cookies for hosts or cookie domains that can be influenced by untrusted input.
@preeternal/react-native-cookie-manager is vulnerable to Improper Cookie Domain Validation in versions 6.3.0 - 6.3.2.
Upgrade the @preeternal/react-native-cookie-manager library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant