hawk is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker can increase the computation time exponentially by passing a huge number of characters to the Hawk.utils.parseHost function, slowing the application down and causing denial of service conditions.
Name | Operator | Version |
---|---|---|
hawk | le | 9.0.0 |
node-hawk:sid | eq | 8.0.1+dfsg-1 |
node-hawk:bullseye | eq | 8.0.1+dfsg-1 |
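
One way to parse a Host header without the backtracking risk described above, added here as an example and not taken from hawk or its maintainers: the input length is capped first, and the split uses `indexOf`/`slice` plus patterns made of a single character class, so the cost stays linear in the input. The name `parseHostHeader`, the 255-character cap and the default port are assumptions of this example.

```javascript
'use strict';

// Assumption: the cap is an arbitrary value picked for this example.
const MAX_HOST_LENGTH = 255;

const HOSTNAME = /^[A-Za-z0-9.-]+$/;          // one character class, nothing nested to backtrack over
const IPV6_LITERAL = /^\[[0-9A-Fa-f:.]+\]$/;
const PORT = /^[0-9]{1,5}$/;

// Hypothetical helper, not hawk's API: returns { name, port } or null.
function parseHostHeader(value, defaultPort = 80) {
    // Bound the input before any parsing, so cost cannot grow with attacker-chosen length.
    if (typeof value !== 'string' || value.length > MAX_HOST_LENGTH) {
        return null;
    }
    const host = value.trim();
    let name = host;
    let portText = null;

    if (host.startsWith('[')) {
        // Bracketed IPv6 literal: the port separator is the colon right after ']'.
        const end = host.indexOf(']');
        if (end === -1) return null;
        name = host.slice(0, end + 1);
        const rest = host.slice(end + 1);
        if (rest !== '') {
            if (rest[0] !== ':') return null;
            portText = rest.slice(1);
        }
        if (!IPV6_LITERAL.test(name)) return null;
    } else {
        const colon = host.indexOf(':');
        if (colon !== -1) {
            name = host.slice(0, colon);
            portText = host.slice(colon + 1);
        }
        if (!HOSTNAME.test(name)) return null;
    }

    if (portText === null) return { name, port: defaultPort };
    if (!PORT.test(portText)) return null;
    const port = Number(portText);
    return port >= 1 && port <= 65535 ? { name, port } : null;
}
```

Callers should treat a `null` result as a malformed request and reject it rather than fall back to a permissive parser.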