CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
References
Link Resource
https://nodesecurity.io/advisories/538 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:expressjs:method-override:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2018-06-07 02:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-16136

Mitre link : CVE-2017-16136

CVE.ORG link : CVE-2017-16136


JSON object : View

Products Affected

expressjs

  • method-override
CWE
CWE-400

Uncontrolled Resource Consumption