CVE-2020-7699
npm/express-fileupload
Injection Vulnerability
This affects the package express-fileupload. If the parseNested
option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
All versions before 1.1.8
Upgrade to version 1.1.8 or above.
2020-08-05
source |