Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

formidable 安全特征问题漏洞

formidable is a Node.js module for formidable for parsing form data, especially file uploads. A security signature issue vulnerability exists in versions of formidable prior to 2.1.0 through 3.5.3, which stems from an insufficiently secure filename generated by hexoid, which could lead to the...