CVE-2017-16138

Name: CVE-2017-16138
Creator: NVD / NIST
Published: 2018-06-07T02:29:03.863+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.05%

Last modified Jun 17, 2026

CVE-2017-16138 is a vulnerability of currently unknown severity. The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.. EPSS estimates a 2.05% chance of exploitation in the next 30 days.

Description

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Metrics

EPSS Probability

2.05%

78.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mime Project	Mime	< 1.4.1
Mime Project	Mime	>= 2.0.1, < 2.0.3

References

https://github.com/broofa/node-mime/issues/167Exploit, Third Party Advisory
https://nodesecurity.io/advisories/535Third Party Advisory
https://github.com/broofa/node-mime/issues/167Exploit, Third Party Advisory
https://nodesecurity.io/advisories/535Third Party Advisory

Timeline

Published: Jun 7, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-16138?

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

How severe is CVE-2017-16138?

Severity scoring for CVE-2017-16138 is pending analysis. The EPSS model estimates a 2.05% probability of exploitation in the next 30 days.

How do I fix CVE-2017-16138?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-16138?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST