Affected versions of `content` are vulnerable to a regular expression denial of service when parsing malicious `Content-Type` and `Content-Disposition` headers.

## Recommendation

Update to version 3.0.6 or later.

Affected Packages

npm content

Affected versions: 0 (fixed in 3.0.7)

Related CVEs

CVE-2017-16111

Key Information

GHSA ID

GHSA-x6wp-rfwh-hcx7

Published

July 24, 2018 7:55 PM

Last Modified

September 8, 2023 7:20 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

content

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.