1502 matches found
HTTP Parameter Pollution
form-data is vulnerable to HTTP Parameter Pollution HPP. The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution HPP by manipulating form data...
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data
Withdrawn Advisory This advisory has been withdrawn because users of Axios 1.10.0 have the flexibility to use a patched version of form-data, the software in which the vulnerability originates, without upgrading Axios to address GHSA-fjxv-7rqg-78g4. Original Description A critical vulnerability...
form-data Insufficient Randomness
form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker can observe other values produced by Math.random in the target application and can control one field of a request made using form-data...
SUSE CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +4188 more potentially affected by CVE-2025-7783 via form-data (>=4.0.0 <=4.0.3)
form-data NPM version =4.0.0, =1.0.0, =1.2.0, =1.0.0, =0.1.0, =0.0.1, =5.0.0, =0.0.1, =1.0.1, =1.0.32, =1.0.32, =1.1.11 and more Source cves: CVE-2025-7783 Source advisory: OSV:GHSA-FJXV-7RQG-78G4...
7ghost-cli (>=1.17.6-next.0 <=1.18.4), @5ht/express (>=1.0.6 <=2.2.0) +630 more potentially affected by CVE-2025-7783 via form-data (>=3.0.0 <=3.0.3)
form-data NPM version =3.0.0, =1.17.6-next.0, =1.0.6, =1.0.0, =0.12.4, =1.1.3, =1.9.19, =1.1.0, =1.18.0, =2.13.1, =1.1.0, =10.1.0, =1.0.0, =1.9.2, =2.1.4 and more Source cves: CVE-2025-7783 Source advisory: OSV:GHSA-FJXV-7RQG-78G4...
GHSA-FJXV-7RQG-78G4 form-data uses unsafe random function in form-data for choosing boundary
Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...
form-data uses unsafe random function in form-data for choosing boundary
Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...
CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
DEBIAN-CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
AZL-65610 CVE-2025-7783 affecting package js-jquery 3.5.0-4
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
UBUNTU-CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 -...
Exploit for CVE-2025-7783
form-data boundary randomness vulnerability CVE-2025-7783 L...
Predictable Value Range from Previous Values
Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...
Predictable Value Range from Previous Values
Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...
CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
CVE-2025-7783
CVE-2025-7783 affects node-form-data; vulnerable versions include