WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-10539 Vulnerability in npm package negotiator

Description

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

Remediation

References

https://nodesecurity.io/advisories/106

Related Vulnerabilities

CVE-2020-8127 Vulnerability in maven package org.webjars.npm:reveal.js

CVE-2021-23348 Vulnerability in npm package portprocesses

CVE-2021-27405 Vulnerability in npm package @progfay/scrapbox-parser

CVE-2020-10800 Vulnerability in npm package lix

CVE-2016-4431 Vulnerability in maven package org.apache.struts:struts2-core

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory