form-data Insufficient Randomness

form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker can observe other values produced by Math.random in the target application and can control one field of a request made using form-data...

Node.js: Usage of unsafe random function in undici for choosing boundary

The vulnerability in the Undici library involves the use of an unsafe random function to choose the boundary for a multipart/form-data request. The use of Math.random to generate this boundary can be predicted if several of its generated values are known. This could potentially allow an attacker ...