Description
negotiator before 0.6.1 is vulnerable to a regular expression DoS
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000022
- https://access.redhat.com/errata/RHSA-2016:1605
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022
- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json
- https://security-tracker.debian.org/tracker/CVE-2016-1000022
- https://www.npmjs.com/advisories/106
CVE ID
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.