WS-2013-0004 Medium Severity Vulnerability detected by WhiteSource #24
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2013-0004 - Medium Severity Vulnerability
High performance middleware framework
path: /framaslides/node_modules/connect/package.json
Library home page: http://registry.npmjs.org/connect/-/connect-2.7.11.tgz
Dependency Hierarchy:
The "methodOverride" middleware allows the http post to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override".
Publish Date: 2013-07-01
URL: WS-2013-0004
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
Release Date: 2013-07-01
Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: