CVE-2017-16111

Summary

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Affected Software

VendorProductVersion RangeStatus
HackerOnecontent node module<=3.0.5affected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References