Regular Expression Denial of Service

2017-09-27T18:22:26
ID NODEJS:538
Type nodejs
Reporter Doug Wilson
Modified 2018-05-08T14:27:01

Description

Overview

Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header.

Recommendation

Update to version 2.3.10 or later