Lucene search
HackeroneCVELIST:CVE-2016-10539HistoryApr 26, 2018 - 12:00 a.m.
CVE-2016-10539
2018-04-2600:00:00
CWE-400
hackerone
www.cve.org
0.001 Low
EPSS
Percentile
44.7%
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for “Accept-Language”, when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
CNA Affected
[
{
"product": "negotiator node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<= 0.6.0"
}
]
}
]References
Related
cve
cve
CVE-2016-10539
2018-05-31 20:29:01
CVE-2016-1000022
2019-12-20 13:15:11
osv
osv
Regular Expression Denial of Service in negotiator
2018-10-09 00:30:30
CVE-2016-10539
2018-05-31 20:29:01
prion
prion
Design/Logic Flaw
2018-05-31 20:29:00
Design/Logic Flaw
2019-12-20 13:15:00
nvd
nvd
CVE-2016-10539
2018-05-31 20:29:01
CVE-2016-1000022
2019-12-20 13:15:11
debiancve
debiancve
CVE-2016-10539
2018-05-31 20:29:01
nodejs
nodejs
Regular Expression Denial of Service
2016-05-04 16:34:12
github
github
Regular Expression Denial of Service in negotiator
2018-10-09 00:30:30
ubuntucve
ubuntucve
CVE-2016-10539
2018-05-31 00:00:00