Vulnerabilities: 2 via 2 paths

Dependencies: 101

Source: GitHub


medium severity

Arbitrary File Upload

  • Vulnerable module: express-fileupload
  • Introduced through: express-fileupload@1.5.2

Detailed paths

  • Introduced through: zerochat@rslay/ZeroChat > express-fileupload@1.5.2

Overview

express-fileupload is a file upload middleware for express that wraps around busboy.

Affected versions of this package are vulnerable to Arbitrary File Upload that allows attackers to execute arbitrary code when uploading a crafted PHP file.

NOTE: The maintainers of this package dispute its validity on the grounds that the attack vector described is the normal usage of the package.

Remediation

There is no fixed version for express-fileupload.

medium severity

Arbitrary File Upload

  • Vulnerable module: express-fileupload
  • Introduced through: express-fileupload@1.5.2

Detailed paths

  • Introduced through: zerochat@rslay/ZeroChat > express-fileupload@1.5.2

Overview

express-fileupload is a file upload middleware for express that wraps around busboy.

Affected versions of this package are vulnerable to Arbitrary File Upload when attackers are able to upload multiple files with the same name, which overwrites files on the web application server.

Remediation

There is no fixed version for express-fileupload.
