Description
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Remediation
References
http://www.securityfocus.com/bid/104427
https://nodesecurity.io/advisories/527
Related Vulnerabilities
CVE-2022-23221 Vulnerability in maven package com.h2database:h2
CVE-2016-10601 Vulnerability in npm package webdrvr
CVE-2016-10660 Vulnerability in npm package fis-parser-sass-bin
CVE-2020-7763 Vulnerability in npm package phantom-html-to-pdf
CVE-2023-42503 Vulnerability in maven package org.apache.commons:commons-compress