Lucene search
+L

54 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-48795

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.0054EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-48795 Incomplete fix for CVE-2026-25754 in @adonisjs/bodyparser

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.0054EPSS
Exploits0References5
CVE
CVE
added 3 days ago26 views

CVE-2026-48795

Summary (CVE-2026-48795): AdonisJS’s bodyparser (/@adonisjs/bodyparser) has an incomplete fix for CVE-2026-25754 in certain pre-release ranges. The issue arises in nested multipart/form-data payloads (for example involving proto or constructor.prototype) that allow lodash _.set() through @poppins...

8.6CVSS6.1AI score0.0054EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/30 6:34 p.m.9 views

Prototype Pollution

Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution via the BodyParserMiddleware process. An attacker can modify the Object.prototype globally by sending specially...

8.8CVSS6.3AI score0.0054EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/30 6:34 p.m.11 views

@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754

Summary The fix for GHSA-f5x2-vj4h-vg4c / CVE-2026-25754 introduced in commit 40e1c71 is incomplete and can be bypassed through nested prototype pollution payloads. The original patch replaced the internal FormFields storage object with Object.createnull, preventing direct payloads such as...

8.6CVSS6AI score0.0054EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54440

Name of the Vulnerable Software and Affected Versions AdonisJS versions 10.1.3 through 10.1.4 AdonisJS versions 11.0.0-next.9 through 11.0.2 Description An incomplete fix in the @adonisjs/bodyparser module allows for prototype pollution via nested multipart field payloads. While direct payloads a...

8.6CVSS6.5AI score0.0054EPSS
Exploits0References10
Veracode
Veracode
added 2026/02/12 7:3 p.m.6 views

Prototype Pollution

@adonisjs/bodyparser is vulnerable to a Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...

7.2CVSS5.6AI score0.00364EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/02/12 7:14 a.m.6 views

Denial Of Service (DoS)

AdonisJS is vulnerable to a Denial Of Service DoS. The vulnerability is due to unbounded memory accumulation in the multipart file handling logic of @adonisjs/bodyparser, where the parser buffers excessive data in memory while detecting file types, allowing attackers to trigger excessive memory...

7.5CVSS5.6AI score0.00491EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.8 views

CVE-2026-25762

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

7.5CVSS5.3AI score0.00491EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 11:15 p.m.8 views

CVE-2026-25762

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

7.5CVSS0.00491EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 10:48 p.m.7 views

CVE-2026-25762

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

7.5CVSS5.3AI score0.00491EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 10:48 p.m.6 views

CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

7.5CVSS5.5AI score0.00491EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 10:48 p.m.33 views

CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

7.5CVSS0.00491EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 10:48 p.m.10 views

CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

7.5CVSS5.4AI score0.00491EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/06 7:53 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the PartHandler class, during file type detection. An attacker can cause...

8.7CVSS5.6AI score0.00491EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 7:53 p.m.6 views

GHSA-XX9G-FH25-4Q64 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...

7.5CVSS5.8AI score0.00491EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/06 7:27 p.m.6 views

Prototype Pollution

Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution when parsing form field data from non-JSON, non-URL-encoded multipart requests, in formfields.ts. due to...

7.2CVSS6.5AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 7:27 p.m.8 views

GHSA-F5X2-VJ4H-VG4C AdonisJS multipart body parsing has Prototype Pollution issue

Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

7.2CVSS5.6AI score0.00364EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/06 7:27 p.m.13 views

AdonisJS multipart body parsing has Prototype Pollution issue

Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...

7.2CVSS5.6AI score0.00364EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.11 views

PT-2026-6811

Name of the Vulnerable Software and Affected Versions AdonisJS versions prior to 10.1.3 AdonisJS versions prior to 11.0.0-next.9 Description A denial of service DoS issue exists in the multipart file handling logic of the @adonisjs/bodyparser package. The multipart parser may accumulate an...

7.5CVSS5.5AI score0.00491EPSS
Exploits0References12
Rows per page
Query Builder