node.js-negotiator: denial of service
| Package(s): | node.js-negotiator | CVE #(s): | CVE-2016-1000022 | ||||
| Created: | August 12, 2016 | Updated: | August 17, 2016 | ||||
| Description: | From the node.js advisory:
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator is vulnerable to Regular Expression Denial of Service via a specially crafted string. | ||||||
| Alerts: |
| ||||||