Description
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Remediation
References
http://www.securityfocus.com/bid/104427
https://nodesecurity.io/advisories/527
Related Vulnerabilities
CVE-2021-21345 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector
CVE-2017-16128 Vulnerability in npm package npm-script-demo
CVE-2023-35142 Vulnerability in maven package com.checkmarx.jenkins:checkmarx