Описание
Regular Expression Denial of Service in content
Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers.
Recommendation
Update to version 3.0.6 or later.
Пакеты
Наименование
content
npm
Затронутые версииВерсия исправления
< 3.0.7
3.0.7
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.