4 matches found
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTPMAXHEADERSIZE= option the default header max length is 80kb, so the impact of the ReDoS is...
CVE-2017-16098
The CVE-2017-16098 issue concerns the charset package vulnerability (Regular Expression Denial of Service). The connected GHSA advisory confirms that affected versions are susceptible to ReDoS, with an observed ~2-second slowdown on 50,000-character inputs, and notes that if Node is built with -D...