Regular Expression Denial of Service

2016-06-16T17:36:06
ID NODEJS:106
Type nodejs
Reporter Adam Baldwin
Modified 2016-06-16T17:36:06

Description

Overview

Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept- Language header value.

Remediation

Update to version 0.6.1 or later.