48 matches found

NVD
added 2026/01/02 7:15 p.m. | 3 views

CVE-2026-21440

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2 | EPSS 0.00097
Exploits 3 | References 5

OSV
added 2026/01/02 7:2 p.m. | 3 views

CVE-2026-21440 AdonisJS Path Traversal in Multipart File Handling

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2 | AI score 7 | EPSS 0.00097
Exploits 3 | References 7

CVE
added 2026/01/02 7:2 p.m. | 18 views

CVE-2026-21440

CVE-2026-21440 is a path traversal vulnerability in AdonisJS bodyparser (MultipartFile.move) that allows writing files outside the intended directory when the client-supplied filename is not sanitized. Root cause: move(location, options?) defaults to using clientName and path.join(location, fileN...

CVSS 9.2 | AI score 6.7 | EPSS 0.00097
Exploits 3 | References 5

Vulnrichment
added 2026/01/02 7:2 p.m. | 1 views

CVE-2026-21440 AdonisJS Path Traversal in Multipart File Handling

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2 | AI score 6.7 | EPSS 0.00097
Exploits 3 | References 5

Cvelist
added 2026/01/02 7:2 p.m. | 25 views

CVE-2026-21440 AdonisJS Path Traversal in Multipart File Handling

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2 | EPSS 0.00097
Exploits 3 | References 5

OSV
added 2026/01/02 6:58 p.m. | 4 views

GHSA-GVQ6-HVVP-H34H AdonisJS Path Traversal in Multipart File Handling

Summary / Description: A Path Traversal (CWE-22) vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to...

CVSS 9.2 | AI score 7.4 | EPSS 0.00097
Exploits 3 | References 7

Snyk
added 2026/01/02 6:58 p.m. | 3 views

Directory Traversal

Overview: @adonisjs/bodyparser is a BodyParser middleware for the AdonisJS HTTP server that reads and parses the request body. Affected versions of this package are vulnerable to Directory Traversal via the MultipartFile.move function's default options. An attacker can write arbitrary files to unintended...

CVSS 9.2 | AI score 7.8 | EPSS 0.00097
Exploits 3 | References 2

Github Security Blog
added 2026/01/02 6:58 p.m. | 5 views

AdonisJS Path Traversal in Multipart File Handling

Summary / Description: A Path Traversal (CWE-22) vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to...

CVSS 9.2 | AI score 7.5 | EPSS 0.00097
Exploits 3 | References 7 | Affected Software 1

Positive Technologies
added 2026/01/02 12:0 a.m. | 3 views

PT-2026-1121

Name of the Vulnerable Software and Affected Versions: AdonisJS versions through 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. Description: A Path Traversal vulnerability exists in the AdonisJS multipart file handling process. This flaw allows a remote attacker to write arbitrary files...

CVSS 9.4 | AI score 8.3 | EPSS 0.00097
Exploits 3 | References 43

CNNVD
added 2026/01/02 12:0 a.m. | 5 views

bodyparser Path Traversal Vulnerability

bodyparser is an open source BodyParser middleware on AdonisJS from AdonisJS Framework. A path traversal vulnerability exists in bodyparser versions 10.1.1 and earlier and 11.0.0-next.6 and earlier, which stems from the existence of a path traversal in multipart file handling that could result in...

CVSS 9.2 | AI score 6.8 | EPSS 0.00097
Exploits 3 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-11355

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.3 | EPSS 0.00062
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16352

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.3 | EPSS 0.00472
Exploits 1 | References 5

Snyk
added 2025/08/06 12:43 a.m. | 2 views

Memory Allocation with Excessive Size Value

Overview: github.com/gofiber/fiber/v2 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the BodyParser function, which allocates a slice of length idx+1 without validating. An attacker can cause t...

CVSS 8.7 | AI score 6.9 | EPSS 0.00436
Exploits 0 | References 2

Snyk
added 2025/08/06 12:43 a.m. | 1 views

Memory Allocation with Excessive Size Value

Overview: github.com/gofiber/fiber is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the BodyParser function, which allocates a slice of length idx+1 without validating. An attacker can cause the...

CVSS 8.7 | AI score 6.9 | EPSS 0.00436
Exploits 0 | References 2

Cvelist
added 2025/08/05 11:33 p.m. | 7 views

CVE-2025-54801 Fiber Susceptible to Crash via `BodyParser` Due to Unvalidated Large Slice Index in Decoder

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704, the application crashes due to an out-of-bounds slice allocation in...

CVSS 8.7 | EPSS 0.00436
Exploits 0 | References 2

OSV
added 2025/08/05 3:22 p.m. | 4 views

GHSA-QX2Q-88MX-VHG7 Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder

Description: When using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts t...

CVSS 8.7 | AI score 6.9 | EPSS 0.00436
Exploits 0 | References 4

Github Security Blog
added 2025/08/05 3:22 p.m. | 10 views

Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder

Description: When using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts t...

CVSS 8.7 | AI score 7.6 | EPSS 0.00436
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/05/27 8:47 p.m. | 2 views

GO-2025-3706 Fiber panics when fiber.Ctx.BodyParser parses invalid range index in github.com/gofiber/fiber

Fiber panics when fiber.Ctx.BodyParser parses invalid range index in github.com/gofiber/fiber...

CVSS 8.7 | AI score 7.1 | EPSS 0.00472
Exploits 1 | References 2

NVD
added 2025/05/22 6:15 p.m. | 11 views

CVE-2025-48075

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...

CVSS 8.7 | EPSS 0.00472
Exploits 1 | References 2

Vulnrichment
added 2025/05/22 5:25 p.m. | 9 views

CVE-2025-48075 Fiber panics when fiber.Ctx.BodyParser parses invalid range index

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...

CVSS 8.7 | AI score 6.5 | EPSS 0.00472
Exploits 1 | References 2