CVE-2017-16136
NONE EPSS 64.8%
Published Jun 7, 20188y ago · Modified Jun 17, 20262w ago
Published Jun 7, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
Threat Intelligence
EPSS Exploit Probability
64.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-400 Uncontrolled Resource Consumption Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| expressjs | method-override | * | <2.3.10 |
References 1
- nodesecurity.io https://nodesecurity.io/advisories/538
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.