tough-cookie is vulnerable to regular expression denial of service (ReDoS) attack. The vulnerability exists because the COOKIE_PAIR
regular expression used to parse the cookies causes unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process hang and cause a denial of service condition.