You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Connect is a stack of middleware that is executed in order in each request.
The "methodOverride" middleware allows the http post to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override".
Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered:
CVE-2013-7370 - Medium Severity Vulnerability
Vulnerable Library - connect-2.1.3.tgz
High performance middleware framework
path: /MS_Demo/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/connect/package.json
Library home page: http://registry.npmjs.org/connect/-/connect-2.1.3.tgz
Dependency Hierarchy:
Found in HEAD commit: 23068bfa8fba8e934988efafc64fa2cf0fdb8462
Vulnerability Details
Connect is a stack of middleware that is executed in order in each request.
The "methodOverride" middleware allows the http post to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override".
Publish Date: 2013-07-01
URL: CVE-2013-7370
CVSS 2 Score Details (6.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
Release Date: 2013-07-01
Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: