The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
[
{
"product": "content node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<=3.0.5"
}
]
}
]