Regular Expression Denial of Service
Published: September 26th, 2017
Reported by: Cristian-Alexandru Staicu
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
If you are using this module via express, upgrade to Express version 4.15.5 or greater.
Upgrade to 0.1.2 or greater