@adonisjs/bodyparser 11.0.0-next.7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @adonisjs/bodyparser package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the `PartHandler` class, during file type detection. An attacker can cause excessive memory consumption by sending a malicious `multipart/form-data` upload with a stream of data that does not match any supported file signatures. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `@adonisjs/bodyparser` to version 10.1.3, 11.0.0-next.9 or higher.	<10.1.3>=11.0.0-next.0 <11.0.0-next.9
M Prototype Pollution @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution when parsing form field data from non-JSON, non-URL-encoded multipart requests, in `form_fields.ts`. due to insufficient validation of multipart form field names in the `multipart` parsing process. An attacker can manipulate object prototypes at runtime by submitting specially crafted multipart form-data fields containing reserved property names such as `__proto__`, `constructor`, or `prototype`. This is only exploitable if an application endpoint accepts and parses `multipart/form-data` requests. How to fix Prototype Pollution? Upgrade `@adonisjs/bodyparser` to version 10.1.3, 11.0.0-next.9 or higher.	<10.1.3>=11.0.0-next.0 <11.0.0-next.9

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

@adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the PartHandler class, during file type detection. An attacker can cause excessive memory consumption by sending a malicious multipart/form-data upload with a stream of data that does not match any supported file signatures.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade @adonisjs/bodyparser to version 10.1.3, 11.0.0-next.9 or higher.

<10.1.3>=11.0.0-next.0 <11.0.0-next.9

Prototype Pollution

@adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body

Affected versions of this package are vulnerable to Prototype Pollution when parsing form field data from non-JSON, non-URL-encoded multipart requests, in form_fields.ts. due to insufficient validation of multipart form field names in the multipart parsing process. An attacker can manipulate object prototypes at runtime by submitting specially crafted multipart form-data fields containing reserved property names such as __proto__, constructor, or prototype. This is only exploitable if an application endpoint accepts and parses multipart/form-data requests.

How to fix Prototype Pollution?

Upgrade @adonisjs/bodyparser to version 10.1.3, 11.0.0-next.9 or higher.

<10.1.3>=11.0.0-next.0 <11.0.0-next.9

@adonisjs/bodyparser@11.0.0-next.7 vulnerabilities

BodyParser middleware for AdonisJS http server to read and parse request body

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically