Lucene search
Doug WilsonNODEJS:538HistorySep 27, 2017 - 6:09 p.m.
Regular Expression Denial of Service
2017-09-2718:09:29
Doug Wilson
www.npmjs.com
18
0.001 Low
EPSS
Percentile
44.9%
Overview
Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header.
Recommendation
Update to version 2.3.10 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| method-override | le | 1.0.2 || > 2.0.0 < 2.3.10 |
Related
osv
osv
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
2018-07-24 20:06:04
CVE-2017-16136
2018-06-07 02:29:03
nvd
nvd
CVE-2017-16136
2018-06-07 02:29:03
cvelist
cvelist
CVE-2017-16136
2018-04-26 00:00:00
cve
cve
CVE-2017-16136
2018-06-07 02:29:03
redhatcve
redhatcve
CVE-2017-16136
2018-06-07 08:49:21
github
github
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-06-07 08:41:39
prion
prion
Design/Logic Flaw
2018-06-07 02:29:00