Regular Expression Denial of Service in negotiator

Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value.

Recommendation

Update to version 0.6.1 or later.

References

Published to the GitHub Advisory Database Oct 9, 2018

Reviewed Jun 16, 2020

Last updated Jan 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Recommendation

References

Severity

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Uncontrolled Resource Consumption

CVE ID

GHSA ID

Source code

Uh oh!