Description
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header.
Recommendation
Update to version 2.3.10 or later
Packages
method-override: affected = 1.0.2; fixed in 2.3.10
method-override: affected >= 2.0.0, < 2.3.10; fixed in 2.3.10
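A triage helper and interim guard for this advisory, added here as an example and not taken from the method-override project: `isAffected` encodes the affected ranges listed above, and `guardOverrideHeader` is an Express-style middleware that bounds and allowlists the X-HTTP-Method-Override header without using a regular expression. The function names, the 16-character limit and the method allowlist are assumptions for illustration.

```javascript
// Added example; names, the length limit and the allowlist are assumptions.

// Parse "x.y.z" into numbers; any pre-release suffix is ignored (assumption).
function parseVersion(v) {
  const parts = String(v).split('-')[0].split('.').map(Number);
  if (parts.length !== 3 || parts.some((n) => !Number.isInteger(n) || n < 0)) {
    throw new Error('unsupported version string: ' + v);
  }
  return parts;
}

// Returns -1, 0 or 1, comparing major, minor and patch numerically.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Affected ranges as listed in the advisory: = 1.0.2, and >= 2.0.0, < 2.3.10.
function isAffected(version) {
  if (compareVersions(version, '1.0.2') === 0) return true;
  return compareVersions(version, '2.0.0') >= 0 &&
         compareVersions(version, '2.3.10') < 0;
}

// Override methods the application accepts (assumed allowlist; adjust per app).
const ALLOWED_OVERRIDES = new Set(['GET', 'POST', 'PUT', 'PATCH', 'DELETE']);
const MAX_HEADER_LENGTH = 16; // assumed bound; longer than any allowed method

// Mount before method-override so oversized or unexpected header values
// are rejected with fixed-cost checks before any parsing happens.
function guardOverrideHeader(req, res, next) {
  const raw = req.headers['x-http-method-override'];
  if (raw === undefined) return next();
  const value = Array.isArray(raw) ? raw.join(',') : String(raw);
  if (value.length > MAX_HEADER_LENGTH ||
      !ALLOWED_OVERRIDES.has(value.trim().toUpperCase())) {
    res.statusCode = 400;
    return res.end('invalid X-HTTP-Method-Override');
  }
  return next();
}
```

The guard is a stopgap for deployments that cannot upgrade immediately; the advisory's recommendation remains updating to 2.3.10 or later.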
Related vulnerabilities
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.