Description
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
Remediation
References
https://nodesecurity.io/advisories/538
Related Vulnerabilities
CVE-2021-25915 Vulnerability in npm package changeset
CVE-2021-23358 Vulnerability in npm package underscore
CVE-2021-25987 Vulnerability in npm package hexo
CVE-2019-13173 Vulnerability in maven package org.webjars:fstream
CVE-2021-24122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina