85 matches found
CVE-2017-16136
CVE-2017-16136 affects the Node.js module method-override used with the Express.js framework. The issue is a regular expression denial of service (ReDoS) triggered when untrusted input is parsed via the X-HTTP-Method-Override header. In the provided documents, exploitation details are not describ...
CVE-2017-16136
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...
Regular Expression Denial of Service
Overview Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header. Recommendation Update to version 2.3.10 or later References GitHub Advisory...
Kallithea Design Vulnerability
Kallithea, a project under the US-based Software Freedom Conservancy organization, is a free source code management system. The system supports Mercurial and Git version control systems, hosting code, managing access control, and more. Kallithea suffers from a design vulnerability. An attacker ca...
Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...