npm package
express-fileupload
pkg:npm/express-fileupload
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27261 | — | <= 1.3.1 | — | Apr 12, 2022 | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | ||
| CVE-2020-7699 | — | < 1.1.9 | 1.1.9 | Jul 30, 2020 | This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. |
- CVE-2022-27261Apr 12, 2022affected <= 1.3.1
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
- CVE-2020-7699Jul 30, 2020affected < 1.1.9fixed 1.1.9
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.