CVE-2017-16098

Name of the Vulnerable Software and Affected Versions: charset versions 1.0.0 and below

Description: The issue concerns a regular expression denial of service. It is noted that an input of around 50,000 characters is required to cause a slow down of approximately 2 seconds. The impact of this issue is relatively low due to the default header max length in node being 80kb, unless node was compiled with a different header size limit using the -DHTTP MAX HEADER SIZE option.

Recommendations: Update to version 1.0.1 or later.