3 matches found
@aoboxinda/budget (>=0.1.155 <=0.1.186), @apostrophecms/form (>=1.0.0 <=1.5.1) +573 more potentially affected by CVE-2022-29623 via connect-multiparty (>=0.1.1 <=2.2.0)
connect-multiparty NPM version =0.1.1, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =0.1.1, =0.1.0, =0.1.1, =5.0.0, =0.12.2, =1.0.1, =1.0.3 and more Source cves: CVE-2022-29623 Source advisory: OSV:GHSA-W2XW-44R3-4V9G...
CVE-2022-29623
An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report...
CVE-2022-29623
CVE-2022-29623 describes an arbitrary file upload vulnerability in the file upload module of Connect-Multiparty 2.2.0 (Express Connect-Multiparty). The underlying issue allows an attacker to execute arbitrary code by supplying a crafted PDF file. The vulnerability is documented across multiple so...