Severity: moderate

Regular Expression Denial of Service

hawk

Overview

Versions of hawk prior to 3.1.3, or 4.x prior to 4.1.1 are affected by a regular expression denial of service vulnerability related to excessively long headers and URI's.

Remediation

Update to hawk version 4.1.1 or later.

Resources

Advisory timeline

  1. published

    Advisory published
    Jan 19th, 2016
  2. reported

    Jan 19th, 2016