Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Form-Data vulnerability (USN-7976-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7976-1 advisory. Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart...

GHSA-RM8P-CX58-HCVX Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data

Withdrawn Advisory This advisory has been withdrawn because users of Axios 1.10.0 have the flexibility to use a patched version of form-data, the software in which the vulnerability originates, without upgrading Axios to address GHSA-fjxv-7rqg-78g4. Original Description A critical vulnerability...

form-data uses unsafe random function in form-data for choosing boundary

Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...

CVE-2022-24406

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...

Random number generator and input name linebreaks can be used to send custom data to other sites

Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...