express-fileupload@1.4.0 vulnerabilities
Simple express file upload middleware that wraps around Busboy
-
latest version
1.5.1
-
first published
9 years ago
-
latest version published
4 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the express-fileupload package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
express-fileupload is a file upload middleware for express that wraps around busboy. Affected versions of this package are vulnerable to Arbitrary File Upload that allows attackers to execute arbitrary code when uploading a crafted PHP file. NOTE: The maintainers of this package dispute its validity on the grounds that the attack vector described is the normal usage of the package. How to fix Arbitrary File Upload? There is no fixed version for |
*
|
express-fileupload is a file upload middleware for express that wraps around busboy. Affected versions of this package are vulnerable to Arbitrary File Upload when it is possible for attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. How to fix Arbitrary File Upload? There is no fixed version for |
*
|