Regular Expression Denial of Service (DoS)
Vulnerable module: negotiator
Introduced through: express@4.11.2
Detailed paths
Introduced through: naivechain@lhartikk/naivechain#dfd2481e7158f72e54fba4ce0bd2f48d0a44945e › express@4.11.2 › accepts@1.2.13 › negotiator@0.5.3
Remediation: Upgrade to express@4.14.0.
Overview
negotiator is an HTTP content negotiator for Node.js.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (DoS) when parsing the Accept-Language HTTP header.