Skip to content

Regular Expression Denial of Service in mime

Moderate severity GitHub Reviewed Published Jul 20, 2018 • Updated Jan 8, 2021

Package

npm mime (npm)

Affected versions

< 1.4.1
>= 2.0.0, < 2.0.3

Patched versions

1.4.1
2.0.3

Description

Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Recommendation

Update to version 2.0.3 or later.

References

Severity

Moderate

Weaknesses

CVE ID

CVE-2017-16138

GHSA ID

GHSA-wrvr-8mpx-r7pp

Source code

No known source code
Checking history
See something to contribute? Suggest improvements for this vulnerability.