method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn’t support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
[
{
"product": "method-override node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<= 1.0.2 || > 2.0.0 < 2.3.10"
}
]
}
]