Severity: high

    Regular Expression Denial of Service



    Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value.


    Update to version 0.6.1 or later.

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory published
      Jun 16th, 2016
    2. reported

      Initial report by Adam Baldwin
      May 4th, 2016