Affected versions of method-override
are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override
header.
Update to version 2.3.10 or later
CPE | Name | Operator | Version |
---|---|---|---|
method-override | ge | 2.0.0 | |
method-override | lt | 2.3.10 | |
method-override | eq | 1.0.2 |