CVE-2017-16136

NONE EPSS 64.8%
Published Jun 7, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 7, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.

Threat Intelligence

EPSS Exploit Probability
64.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-400 Uncontrolled Resource Consumption Resource Mgmt

Affected Products 1

VendorProductVersionRange
expressjsmethod-override* <2.3.10

References 1

  • nodesecurity.io https://nodesecurity.io/advisories/538
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.