CVE-2017-16111

EUVD-2018-0344
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
content_projectcontent
𝑥
≤ 3.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nodesecurity.io/advisories/530
https://nodesecurity.io/advisories/530