Regular Expression Denial of Service

Module: mime

Published: September 27th, 2017

Reported by: Cristian-Alexandru Staicu

CVE-NONE

CWE-

Vulnerable: < 1.4.1 || > 2.0.0 < 2.0.3
Patched: >= 1.4.1 < 2.0.0 || >= 2.0.3

Overview

The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Remediation

Upgrade to version 2.0.3 or greater.
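To find out whether a project pulls in an affected copy of mime, the version ranges above can be checked against the dependency tree. The following is an added example, not code from the advisory or from the mime project. It assumes plain "x.y.z" version strings and an npm lockfile with nested "dependencies" objects. The function names and the sample lockfile, including the package names app-a, lib-b and app-c, are constructed for illustration.

```javascript
// Added example: classify mime versions against the ranges in this advisory.
// Assumption: versions are plain "x.y.z" (no prerelease or build tags).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function cmp(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function classifyMime(version) {
  // Vulnerable: < 1.4.1 || > 2.0.0 < 2.0.3
  if (cmp(version, '1.4.1') < 0) return 'vulnerable';
  if (cmp(version, '2.0.0') > 0 && cmp(version, '2.0.3') < 0) return 'vulnerable';
  // Patched: >= 1.4.1 < 2.0.0 || >= 2.0.3
  if (cmp(version, '2.0.0') < 0 || cmp(version, '2.0.3') >= 0) return 'patched';
  // 2.0.0 itself falls in neither range as the advisory writes them.
  return 'unlisted';
}

// Walk a lockfile tree and report every copy of mime, including nested ones.
function findMime(node, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === 'mime') {
      hits.push({ path: here.join(' > '), version: info.version,
                  status: classifyMime(info.version) });
    }
    hits.push(...findMime(info, here));
  }
  return hits;
}

// Constructed sample lockfile (hypothetical package names).
const sampleLock = { dependencies: {
  'app-a': { version: '1.0.0', dependencies: {
    'lib-b': { version: '0.2.0', dependencies: { mime: { version: '1.3.4' } } } } },
  mime: { version: '2.0.3' },
  'app-c': { version: '3.1.0', dependencies: { mime: { version: '2.0.1' } } },
} };

for (const h of findMime(sampleLock)) console.log(`${h.status}\t${h.version}\t${h.path}`);
```

Nested copies matter here: a patched top-level mime does not replace an older copy bundled under another dependency.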
