method-override@2.3.4 vulnerabilities

Override HTTP verbs

Direct Vulnerabilities

Known vulnerabilities in the method-override package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Regular Expression Denial of Service (ReDoS)

method-override is a module to override HTTP verbs.

Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS). It uses regex the following regex / *, */ in order to split HTTP headers. An attacker may send specially crafted input in the X-HTTP-Method-Override header and cause a significant slowdown.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade method-override to version 2.3.10 or higher.

>1.0.2 <2.3.10
  • H
Regular Expression Denial of Service (ReDoS)

method-override is a module to override HTTP verbs.

Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS). It uses regex the following regex / *, */ in order to split HTTP headers. An attacker may send specially crafted input in the X-HTTP-Method-Override header and cause a significant slowdown.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade method-override to version 2.3.10 or higher.

>1.0.2 <2.3.10