Node.js.ReDoS.http-cache-semantics
Description
This indicates an attack attempt to exploit a ReDoS (regular expression denial of service).
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Affected Products
package http-cache-semantics before 4.1.1
Impact
ReDoS: Remote attackers can cause ReDoS (regular expression denial of service).
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
Version Updates
Date | Version | Detail |
---|---|---|
2023-05-16 | 0.00348 |