67 matches found
CVE-2026-25762
CVE-2026-25762 affects AdonisJS, specifically the @adonisjs/bodyparser multipart file handling logic. The vulnerability arises when the multipart parser processes file uploads, potentially accumulating an unbounded amount of data in memory while attempting to detect file types, leading to excessi...
CVE-2026-25762
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...
CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...
CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...
CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...
CVE-2026-25754
CVE-2026-25754 affects AdonisJS multipart form-data parsing (package: @adonisjs/bodyparser). The underlying issue is prototype pollution caused by insufficient validation of multipart field names during parsing, allowing manipulation of object prototypes at runtime. Affected versions are AdonisJS...
CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...
CVE-2026-25754
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...
GHSA-XX9G-FH25-4Q64 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...
Allocation of Resources Without Limits or Throttling
Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the PartHandler class, during file type detection. An attacker can cause...
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...
Prototype Pollution
Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution when parsing form field data from non-JSON, non-URL-encoded multipart requests, in formfields.ts. due to...
GHSA-F5X2-VJ4H-VG4C AdonisJS multipart body parsing has Prototype Pollution issue
Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...
AdonisJS multipart body parsing has Prototype Pollution issue
Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...
PT-2026-6810
Name of the Vulnerable Software and Affected Versions AdonisJS versions prior to 10.1.3 AdonisJS versions 11.0.0-next.0 through 11.0.0-next.8 Description A prototype pollution issue in AdonisJS multipart form-data parsing could allow a remote attacker to manipulate object prototypes during runtim...
PT-2026-6857
Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...
PT-2026-6811
Name of the Vulnerable Software and Affected Versions AdonisJS versions prior to 10.1.3 AdonisJS versions prior to 11.0.0-next.9 Description A denial of service DoS issue exists in the multipart file handling logic of the @adonisjs/bodyparser package. The multipart parser may accumulate an...
@adonisjs/lucid 安全漏洞
@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from processing logic for multiple parts of the file, which...
@adonisjs/lucid 安全漏洞
@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from prototype pollution in the parsing of multi-part form...
CVE-2026-22814
@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...