Unrestricted Upload of File with Dangerous Type
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.
Advisories for Npm/Graphql-Upload package
2022