PT-2023-33000 · Unknown · Http-Cache-Semantics+1

Published: 2023-02-11 · Updated: 2023-02-11

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

http-cache-semantics versions prior to 4.1.1
cacheable-request versions prior to 10.2.7

Description

The issue is related to an Inefficient Regular Expression Complexity in http-cache-semantics, which can lead to Denial of Service. This can be exploited via malicious request header values sent to a server when the server reads the cache policy from the request using this library.

Recommendations

For http-cache-semantics versions prior to 4.1.1, update to version 4.1.1 or later.
For cacheable-request versions prior to 10.2.7, update to version 10.2.7 or later.
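
Both packages usually arrive as transitive dependencies, so the version that matters is the one pinned in the lockfile, possibly in several nested copies. The following check is an added example, not code from this advisory or from either project: it walks the "packages" map of a parsed npm package-lock.json (lockfileVersion 2 or 3) and reports every copy below the fixed versions listed above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Fixed versions taken from the advisory text.
const FIXED = new Map([
  ["http-cache-semantics", "4.1.1"],
  ["cacheable-request", "10.2.7"],
]);

// Parse "major.minor.patch[-prerelease]"; returns null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [m[1], m[2], m[3]].map(Number), pre: Boolean(m[4]) } : null;
}

// True when `version` sorts before `fixed`. A prerelease of the fixed
// version (e.g. 4.1.1-rc.1) counts as below it.
function isBelow(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// `lock` is the object obtained from JSON.parse of package-lock.json.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the root project is "".
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const name = meta.name || path.slice(idx + "node_modules/".length);
    const fixed = FIXED.get(name);
    if (fixed && isBelow(meta.version, fixed)) {
      hits.push({ path, name, version: meta.version, fixed });
    }
  }
  return hits;
}

// Constructed sample lockfile: two vulnerable copies, two patched ones.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/http-cache-semantics": { version: "4.1.0" },
    "node_modules/cacheable-request": { version: "10.2.7" },
    "node_modules/got/node_modules/cacheable-request": { version: "7.0.2" },
    "node_modules/make-fetch-happen/node_modules/http-cache-semantics": { version: "4.1.1" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

A nested copy under another package's node_modules is loaded by that package regardless of the top-level version, so each reported path needs its own upgrade or override.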

Fix

DoS

Weakness Enumeration

Related Identifiers

GHSA-8X6C-CV3V-VP6G

Affected Products

Cacheable-Request
Http-Cache-Semantics