Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Express-fileupload Security Vulnerabilities

cve
cve

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application...

7.5CVSS

7.7AI Score

0.001EPSS

2022-04-12 05:15 PM
89
cve
cve

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

9.8CVSS

9.6AI Score

0.005EPSS

2022-04-12 05:15 PM
98
cve
cve

CVE-2020-7699

This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code...

9.8CVSS

9.6AI Score

0.019EPSS

2020-07-30 09:15 AM
39