nodejs-negotiator is vulnerable to denial of service. An attacker able to make an application using Negotiator to perform matching using a malicious glob pattern could cause the application to consume an excessive amount of CPU.
access.redhat.com/errata/RHSA-2016:1605
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022
bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022
raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json
security-tracker.debian.org/tracker/CVE-2016-1000022
www.npmjs.com/advisories/106