CVE-2026-35213 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

@hapi/content provided HTTP Content-* headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS…
High CVSS: 8.7

CVE-2026-35213

@hapi/content provided HTTP Content-* headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This vulnerability is fixed in 6.0.1.
Vendor
-
Product
-
CWE
CWE-1333
Yayın Tarihi
2026-04-06 21:16:20
Güncelleme
2026-04-07 13:20:11
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1333 HIGH 2026

Referanslar

https://github.com/hapijs/content/pull/38 https://github.com/hapijs/content/security/advisories/GHSA-jg4p-7fhp-p32p