Regular Expression Denial of Service

2017-09-2519:02:28

Cristian-Alexandru Staicu

www.npmjs.com

0.001 Low

EPSS

Percentile

47.9%

Overview

Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Update to version 2.0.3 or later.

CPENameOperatorVersion
mimelt 1.4.1 || > 2.0.0 < 2.0.3

CPE	Name	Operator	Version
	mime	lt	1.4.1 \|\| > 2.0.0 < 2.0.3

0.001 Low

EPSS

Percentile

47.9%

Related for NODEJS:535