Security Advisory

CVE-2016-10539

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-05-31 20:00:00

Last updated 2024-09-17 02:11:28

Assigner hackerone

State PUBLISHED

Description

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

← Browse all CVEs View on cve.org ↗