Regular Expression Denial of Service in negotiator

2018-10-0900:30:30

Google

osv.dev

0.001 Low

EPSS

Percentile

44.7%

JSON

Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value.

Recommendation

Update to version 0.6.1 or later.

CPENameOperatorVersion
negotiatorlt0.6.1

CPE	Name	Operator	Version
	negotiator	lt	0.6.1

References

github.com/advisories/GHSA-7mc5-chhp-fmc3

nvd.nist.gov/vuln/detail/CVE-2016-10539

www.npmjs.com/advisories/106

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for OSV:GHSA-7MC5-CHHP-FMC3