VYPR

npm package

negotiator

pkg:npm/negotiator

Vulnerabilities (1)

  • CVE-2016-10539HigMay 31, 2018
    affected < 0.6.1fixed 0.6.1

    negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted s