content@4.0.0 vulnerabilities

HTTP Content-* headers parsing

Direct Vulnerabilities

Known vulnerabilities in the content package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Regular Expression Denial of Service (ReDoS)

content is a HTTP Content-* headers parsing

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. An attacker may pass a specially crafted Content-Type or Content-Disposition header, causing the server to hang. This can cause an impact of about 10 seconds matching time for data 180 characters long.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade content to versions 3.0.7, 4.0.4 or higher

<3.0.7 >=4.0.0 <4.0.4