Affected versions of method-override
are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override
header.
Update to version 2.3.10 or later
CPE | Name | Operator | Version |
---|---|---|---|
method-override | le | 1.0.2 || > 2.0.0 < 2.3.10 |