Severity: high

Regular Expression Denial of Service

negotiator

Overview

Affected versions of negotiator are vulnerable to regular expression denial of service (ReDoS), triggered when the module parses a specially crafted Accept-Language header value.

Remediation

Update to version 0.6.1 or later.
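
To confirm the remediation took effect across transitive dependencies, the following added example (not part of the advisory or the negotiator project) scans a parsed package-lock.json for negotiator copies below 0.6.1. The function names `isAffected` and `findAffected` and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag negotiator installs older than the fixed release 0.6.1.
const FIXED = [0, 6, 1]; // first fixed version, taken from the advisory

// True when `version` sorts strictly below 0.6.1.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return false; // not a plain version (git URL, tarball): review by hand
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return m[4] === "-"; // a pre-release of 0.6.1 sorts before 0.6.1
}

// Return every affected negotiator copy recorded in a parsed package-lock.json.
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (name === "negotiator" && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === "negotiator" && isAffected(info.version)) {
        hits.push({ path: path.join(" > "), version: info.version });
      }
      walk(info.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not from the advisory).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    accepts: { version: "1.2.13", dependencies: { negotiator: { version: "0.5.3" } } },
    negotiator: { version: "0.6.1" },
  },
};
console.log(findAffected(sampleLock));
```

Nested copies matter here: a top-level negotiator at 0.6.1 does not help if another dependency pins its own older copy.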

Advisory timeline

  1. published: Advisory published, Jun 16th, 2016
  2. reported: May 4th, 2016