method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
High severity
GitHub Reviewed
Published
Jul 24, 2018
to the GitHub Advisory Database
•
Updated Sep 11, 2023
Package
Affected versions
= 1.0.2
>= 2.0.0, < 2.3.10
Patched versions
2.3.10
2.3.10
Description
Published to the GitHub Advisory Database
Jul 24, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 11, 2023
Affected versions of
method-overrideare vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into theX-HTTP-Method-Overrideheader.Recommendation
Update to version 2.3.10 or later
References