Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-10539 Vulnerability in npm package negotiator

Description

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

Remediation

References

https://nodesecurity.io/advisories/106

Related Vulnerabilities

CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-core

CVE-2019-10806 Vulnerability in maven package org.webjars.npm:vega-util

CVE-2018-14731 Vulnerability in npm package parcel-bundler

CVE-2021-25329 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2019-10219 Vulnerability in maven package org.hibernate.validator:hibernate-validator

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory