11 matches found
SUSE CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
SUSE CVE-2016-1000022
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2016-1000022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
UBUNTU-CVE-2016-1000022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2016-1000022
CVE-2016-1000022 is a duplicate of CVE-2016-10539. Connected documents describe a Regular Expression Denial of Service in the Node.js modules negotiator (and related Minimatch patterns) triggered by crafted Accept-Language strings. Affected versions include negotiator up to 0.6.0; remediation is ...
10er10 (=0.23.0), 1405-authtokens (>=1.0.1 <=1.0.5) +8069 more potentially affected by CVE-2016-10539 via negotiator (>=0.2.3 <=0.6.0)
negotiator NPM version =0.2.3, =1.0.1, =1.0.3, =1.0.2, =1.0.0, =0.0.1, =0.2.0, =0.0.1, =0.0.1, =1.0.0, =1.2.9 and more Source cves: CVE-2016-10539 Source advisory: OSV:GHSA-7MC5-CHHP-FMC3...
AZL-44826 CVE-2016-10539 affecting package nodejs-nodemon 2.0.3-5
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
The CVE-2016-10539 issue affects the negotiator npm package (Node.js) ≤0.6.0, where parsing the Accept-Language header can trigger a Regular Expression Denial of Service via a specially crafted input. The vulnerability impacts modules/frameworks using negotiator (e.g., Express, Koa). Remediation:...