Nutrias Punching Marmots
Severity: high

Regular Expression Denial of Service



Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value.


Update to version 0.6.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jun 16th, 2016
  2. reported

    May 4th, 2016