Lucene search
+L

85 matches found

CVE
CVE
added 2018/06/07 2:0 a.m.85 views

CVE-2017-16136

CVE-2017-16136 affects the Node.js module method-override used with the Express.js framework. The issue is a regular expression denial of service (ReDoS) triggered when untrusted input is parsed via the X-HTTP-Method-Override header. In the provided documents, exploitation details are not describ...

7.5CVSS7.3AI score0.01215EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.32 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

7.4AI score0.01215EPSS
Exploits0References1
Node.js
Node.js
added 2017/09/27 6:9 p.m.58 views

Regular Expression Denial of Service

Overview Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header. Recommendation Update to version 2.3.10 or later References GitHub Advisory...

5CVSS4.9AI score0.01215EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2016/05/06 12:0 a.m.6 views

Kallithea Design Vulnerability

Kallithea, a project under the US-based Software Freedom Conservancy organization, is a free source code management system. The system supports Mercurial and Git version control systems, hosting code, managing access control, and more. Kallithea suffers from a design vulnerability. An attacker ca...

8.8CVSS7.1AI score0.00587EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2013/01/29 12:0 a.m.77 views

Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...

7.7AI score
Exploits0
Rows per page
Query Builder