Regular Expression Denial of Service

2016-05-0416:34:12

Adam Baldwin

www.npmjs.com

0.001 Low

EPSS

Percentile

44.7%

JSON

Overview

Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value.

Recommendation

Update to version 0.6.1 or later.

References

GitHub Advisory

CPENameOperatorVersion
negotiatorle 0.6.0

CPE	Name	Operator	Version
	negotiator	le	0.6.0

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for NODEJS:106