nodejs-tough-cookie: denial of service
| Package(s): | nodejs-tough-cookie | CVE #(s): | CVE-2016-1000232 | ||||
| Created: | October 28, 2016 | Updated: | November 2, 2016 | ||||
| Description: | From the Red Hat advisory:
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU. (CVE-2016-1000232) | ||||||
| Alerts: |
| ||||||