Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing
Vulnerability Description
@hapi/content provided HTTP Content-* headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This vulnerability is fixed in 6.0.1.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
@hapi/content 安全漏洞
Vulnerability Description
@hapi/content是hapi.js开源的一个HTTP内容头解析库。 @hapi/content 6.0.0及之前版本存在安全漏洞,该漏洞源于解析HTTP标头的正则表达式存在缺陷,可能导致正则表达式拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A