35 matches found
@aarconada/urserver (>=0.0.1 <=0.0.990), @alterior/core (>=0.0.1 <=2.0.0-b1) +182 more potentially affected by unknown CVE via express-fileupload (>=0.0.5 <=1.1.6-alpha.5)
express-fileupload NPM version =0.0.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.155, =1.0.0, =0.12.0, =0.0.2-90, =0.0.1-alpha.151, =0.0.1-alpha.44, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-Q3W9-G74Q-VP5F...
Denial of Service in express-fileupload
Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of . characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...
GHSA-Q3W9-G74Q-VP5F Denial of Service in express-fileupload
Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of . characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...
@aarconada/urserver (>=0.0.1 <=0.0.990), @alterior/core (>=0.0.1 <=2.0.0-b1) +183 more potentially affected by CVE-2020-7699 via express-fileupload (>=0.0.5 <=1.1.6)
express-fileupload NPM version =0.0.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.155, =1.0.0, =0.12.0, =0.0.2-90, =0.0.1-alpha.151, =0.0.1-alpha.44, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-7699 Source advisory: OSV:GHSA-9WCG-JRWF-8GG7...
GHSA-9WCG-JRWF-8GG7 Prototype Pollution in express-fileupload
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...
Prototype Pollution in express-fileupload
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...
Prototype Pollution
express-fileupload is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the __proto__, constructor keys in lib/processNested.js...
CVE-2020-7699
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...
CVE-2020-7699
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...
CVE-2020-7699
CVE-2020-7699 affects the Node.js Express Fileupload package: versions prior to 1.1.8 are vulnerable when the parseNested option is enabled. The root cause is a prototype pollution issue that can enable denial of service or arbitrary code execution via specially crafted HTTP requests. A fix is av...
CVE-2020-7699 Prototype Pollution
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...
PT-2020-19722
Name of the Vulnerable Software and Affected Versions express-fileupload versions prior to 1.1.8 Description The issue allows for denial of service or arbitrary code execution when a corrupt HTTP request is sent and the parseNested option is enabled. Recommendations For express-fileupload version...
@aoboxinda/budget (>=0.1.155 <=0.1.186), @excitare/entry-graphql (=0.0.1-alpha.151) +4 more potentially affected by CVE-2020-7699 via express-fileupload (>=1.0.0 <=1.1.1-alpha.3)
express-fileupload NPM version =1.0.0, =0.1.155, =0.0.1-alpha.151, =0.0.1-alpha.44, =1.1.0, =1.0.0, =1.0.4 Source cves: CVE-2020-7699 Source advisory: SNYK:JS-EXPRESSFILEUPLOAD-595969...
Prototype Pollution
Overview express-fileupload is a file upload middleware for express that wraps around busboy. Affected versions of this package are vulnerable to Prototype Pollution. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution...
Denial of Service
Overview Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of . characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...