Overview
Affected versions of negotiator
are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language
header value.
Remediation
Update to version 0.6.1 or later.
Have content suggestions? Visit npmjs.com/support.
Advisory timeline
published
Advisory publishedJun 16th, 2016reported
Initial report by Adam BaldwinMay 4th, 2016