Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-9cp3-fh5x-xfcj

GitHub Security Advisory

Regular Expression Denial of Service in charset

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Affected versions of `charset` are susceptible to a regular expression denial of service.

The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length.

If node was compiled using the `-DHTTP_MAX_HEADER_SIZE` however, the impact of the vulnerability can be significant, as the primary limitation for the vulnerability is the default max HTTP header length in node.

## Recommendation

Update to version 1.0.1 or later.

Affected Packages

npm charset
Affected versions: 0 (fixed in 1.0.1)

Related CVEs

CVE-2017-16098

Key Information

GHSA ID
GHSA-9cp3-fh5x-xfcj
Published
August 9, 2018 8:55 PM
Last Modified
March 31, 2023 3:44 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
charset
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.