CVE-2017-16136
HIGH
expressjs method-override < 2.3.10 - Denial of Service via X-HTTP-Method-Override Header
Title source: llm
Description
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support them. method-override is vulnerable to regular expression denial of service (ReDoS) when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/538
Scores
CVSS v3
7.5
EPSS
0.0121
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
expressjs/method-override
< 2.3.10
npm/method-override
1.0.2 - 2.3.10 (npm)
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026