Regular Expression Denial of Service

Module: mime

Published: September 27th, 2017

Reported by: Cristian-Alexandru Staicu

CVE-NONE

CWE-400

Vulnerable: < 1.4.1 || > 2.0.0 < 2.0.3
Patched: >= 1.4.1 < 2.0.0 || >= 2.0.3

Overview

Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Remediation

Update to version 2.0.3 or later.

References

Issue #167