Description
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
Remediation
References
https://nodesecurity.io/advisories/538
Related Vulnerabilities
CVE-2021-23439 Vulnerability in npm package file-upload-with-preview
CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search
CVE-2021-23391 Vulnerability in npm package calipso
CVE-2018-11775 Vulnerability in maven package org.apache.activemq:activemq-all
CVE-2019-12041 Vulnerability in maven package org.webjars.bower:remarkable