Regular Expression Denial of Service

2016-06-16T17:36:06
ID NODEJS:106
Type nodejs
Reporter Adam Baldwin
Modified 2018-05-08T14:27:01

Description

Overview

Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value.

Recommendation

Update to version 0.6.1 or later.