Candidate: CVE-2017-16138
PublicDate: 2018-06-07 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16138
 https://github.com/broofa/node-mime/issues/167
 https://nodesecurity.io/advisories/535
 https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x)
 https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x)
Description:
 The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression
 denial of service when a mime lookup is performed on untrusted user input.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901277
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_node-mime:
upstream_node-mime: released (2.3.1-1)
precise/esm_node-mime: DNE
trusty_node-mime: ignored (out of standard support)
trusty/esm_node-mime: needed
xenial_node-mime: ignored (end of standard support, was needed)
bionic_node-mime: needed
focal_node-mime: not-affected (2.4.4+dfsg-1)
groovy_node-mime: not-affected
hirsute_node-mime: not-affected
impish_node-mime: not-affected
jammy_node-mime: not-affected
devel_node-mime: not-affected