Notice: False Security Vulnerability for 4.16.4

"express": "4.16.4",
A security vulnerability warning for the following dependency is blocking us from using this library – mime 1.4.1.tgz
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Details:
CVE-2017-16138: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16138


Author: Fantashit

1 thought on “Notice: False Security Vulnerability for 4.16.4”

  1. I am reopening this to prevent duplicate issues from opening.

    As a reminder: there is no vulnerability here; whatever is alerting on this is incorrect and you may need to contact the vendor of the software flagging mime 1.4.1 to let them know.
