Regular Expression Denial of Service

2017-09-12T19:41:10
ID NODEJS:530
Type nodejs
Reporter Cristian-Alexandru Staicu
Modified 2018-04-09T00:21:19

Description

Overview

Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers.

Recommendation

Update to version 3.0.6 or later.