npm

Severity: moderate

Regular Expression Denial of Service

hawk

Overview

Versions of hawk prior to 3.1.3, or 4.x prior to 4.1.1, are affected by a regular expression denial of service vulnerability related to excessively long headers and URIs.

Remediation

Update to hawk version 4.1.1 or later.
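A check for the affected range stated in the overview, run over a dependency tree; this is an added example, not part of the advisory or of hawk's own code. The lockfile-shaped sample and every package name in it other than hawk are constructed for illustration.

```javascript
// Affected per the advisory: hawk below 3.1.3, and 4.x below 4.1.1.

// Strict MAJOR.MINOR.PATCH only; anything else (prerelease tags, ranges)
// returns null so the caller can flag it for manual review.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric, component-wise comparison of two [major, minor, patch] triples.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// true = affected, false = not affected, null = could not decide.
function isAffectedHawk(version) {
  const v = parseVersion(version);
  if (!v) return null;
  if (lessThan(v, [3, 1, 3])) return true;
  return v[0] === 4 && lessThan(v, [4, 1, 1]);
}

// Walk a nested "dependencies" tree and collect every hawk entry that is
// affected or undecidable, with the path that pulled it in.
function findAffectedHawk(tree, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(name);
    if (name === 'hawk' && isAffectedHawk(info.version) !== false) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findAffectedHawk(info, here));
  }
  return hits;
}

// Constructed sample: a tree with nested dependencies, not a real project.
const sampleLock = {
  dependencies: {
    'example-http-client': { version: '1.2.0', dependencies: { hawk: { version: '3.1.0' } } },
    hawk: { version: '4.1.1' },
    'example-legacy-sdk': { version: '0.9.0', dependencies: { hawk: { version: '4.0.1' } } },
    'example-patched-lib': { version: '2.0.0', dependencies: { hawk: { version: '3.1.3' } } },
  },
};

console.log(findAffectedHawk(sampleLock));
```

Transitive copies matter here: a project whose top-level hawk is already at 4.1.1 can still carry an affected copy nested under another dependency.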


Advisory timeline

  1. published: Advisory published, Jan 19th, 2016
  2. reported: Initial report by Adam Baldwin, Jan 19th, 2016