npm

Severity: high

Regular Expression Denial of Service

method-override

Overview

Affected versions of method-override are vulnerable to regular expression denial of service (ReDoS) when untrusted user input is passed in the X-HTTP-Method-Override header.

Remediation

Update to version 2.3.10 or later.
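To confirm the remediation across a dependency tree, the following added example (not code from this advisory or from the method-override project) scans a parsed package-lock.json for copies of method-override older than 2.3.10, including nested ones. It assumes the standard npm lockfile layouts; the sample lockfiles and the package names "legacy-admin" and "demo-router" are constructed for illustration.

```javascript
// Added example: flag method-override installs older than the fixed 2.3.10.
const PKG = 'method-override';
const FIXED = [2, 3, 10];
// Parse "major.minor.patch" into numbers; prerelease/build tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // git/URL/missing version: report for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i]; // numeric, so 2.10.0 > 2.3.10
  }
  return false;
}

// Accepts a parsed package-lock.json: "packages" (v2/v3) or nested "dependencies" (v1).
function findAffected(lock) {
  const hits = [];
  const check = (name, path, meta) => {
    if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(path.split('node_modules/').pop(), path, meta);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, trail + 'node_modules/' + name, meta);
      walk(meta.dependencies, trail + 'node_modules/' + name + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles; "legacy-admin" and "demo-router" are hypothetical.
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/method-override': { version: '2.3.10' },
  'node_modules/legacy-admin/node_modules/method-override': { version: '2.3.9' },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'method-override': { version: '2.1.3' },
  'demo-router': { version: '1.0.0', dependencies: { 'method-override': { version: '3.0.0' } } },
} };
console.log(JSON.stringify([findAffected(SAMPLE_V3), findAffected(SAMPLE_V1)], null, 2));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffected; an empty array means every locked copy is at 2.3.10 or later.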

Advisory timeline

  1. published: Advisory published, Sep 27th, 2017
  2. reported: Initial report by Doug Wilson, Sep 27th, 2017