Lucene search
GoogleOSV:CVE-2016-10539HistoryMay 31, 2018 - 8:29 p.m.
CVE-2016-10539
2018-05-3120:29:01
Google
osv.dev
4
0.001 Low
EPSS
Percentile
44.7%
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for “Accept-Language”, when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
| CPE | Name | Operator | Version |
|---|---|---|---|
| negotiator | eq | 0.6.0 | |
| negotiator | eq | 0.5.0 | |
| negotiator | eq | 0.4.6 | |
| negotiator | eq | 0.5.3 | |
| negotiator | eq | 0.4.8 | |
| negotiator | eq | 0.4.9 | |
| negotiator | eq | 0.3.0 | |
| negotiator | eq | 0.5.1 | |
| negotiator | eq | 0.5.2 | |
| negotiator | eq | 0.4.3 |
References
Related
osv
osv
Regular Expression Denial of Service in negotiator
2018-10-09 00:30:30
prion
prion
Design/Logic Flaw
2018-05-31 20:29:00
Design/Logic Flaw
2019-12-20 13:15:00
nvd
nvd
CVE-2016-10539
2018-05-31 20:29:01
CVE-2016-1000022
2019-12-20 13:15:11
cve
cve
CVE-2016-10539
2018-05-31 20:29:01
CVE-2016-1000022
2019-12-20 13:15:11
cvelist
cvelist
CVE-2016-10539
2018-04-26 00:00:00
debiancve
debiancve
CVE-2016-10539
2018-05-31 20:29:01
nodejs
nodejs
Regular Expression Denial of Service
2016-05-04 16:34:12
github
github
Regular Expression Denial of Service in negotiator
2018-10-09 00:30:30
ubuntucve
ubuntucve
CVE-2016-10539
2018-05-31 00:00:00