2 matches found
@aarconada/urserver (>=0.0.1 <=0.0.990), @alterior/core (>=0.0.1 <=2.0.0-b1) +195 more potentially affected by CVE-2022-27261 via express-fileupload (>=0.0.5 <=1.3.1)
express-fileupload NPM version =0.0.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.155, =2.0.0-alpha.0, =1.0.0, =0.12.0, =0.0.2-90, =0.0.1-alpha.151, =0.0.1-alpha.44, =0.0.1, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2022-27261 Source advisory: OSV:GHSA-W4M6-X6C2-J5C9...
CVE-2022-27261
CVE-2022-27261 describes an arbitrary file write vulnerability in Express-FileUpload v1.3.1. The issue allows uploading multiple files with the same name, leading to overwriting existing files on the web application server. Connected documents corroborate the affected product/version and impact, ...