negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
Advisories
Source ID Title
EUVD EUVD EUVD-2018-0538 negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
Github GHSA Github GHSA GHSA-7mc5-chhp-fmc3 Regular Expression Denial of Service in negotiator
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-09-17T02:11:28.261Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2016-10539

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-05-31T20:29:01.407

Modified: 2024-11-21T02:44:13.653

Link: CVE-2016-10539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.