Описание
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 0.6.1-1 |
| cosmic | released | 0.6.1-1 |
| devel | released | 0.6.1-1 |
| disco | released | 0.6.1-1 |
| eoan | released | 0.6.1-1 |
| esm-apps/bionic | released | 0.6.1-1 |
| esm-apps/focal | released | 0.6.1-1 |
| esm-apps/jammy | released | 0.6.1-1 |
| esm-apps/noble | released | 0.6.1-1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
negotiator is an HTTP content negotiator for Node.js and is used by ma ...
EPSS
5 Medium
CVSS2
7.5 High
CVSS3