CVE-2020-7699

Injection Vulnerability in npm/express-fileupload

Identifiers

CVE-2020-7699

Package Slug

npm/express-fileupload

Vulnerability

Injection Vulnerability

Description

This affects the package express-fileupload. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

Affected Versions

All versions before 1.1.8

Solution

Upgrade to version 1.1.8 or above.

Last Modified

2020-08-05

source