GMS-2020-718: Denial of Service in express-fileupload

September 3, 2020 (updated January 10, 2023)

Versions of express-fileupload prior to 1.1.6-alpha.6 is vulnerable to Denial of Service. The package causes server responses to be delayed (up to 30s in internal testing) if the request contains a large filename of . characters.

References

github.com/advisories/GHSA-q3w9-g74q-vp5f
www.npmjs.com/advisories/1216

Detect and mitigate GMS-2020-718 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →