VDB
KO
CRITICAL 9.8

GHSA-9wcg-jrwf-8gg7

Prototype Pollution in express-fileupload

Details

This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / express-fileupload
Introduced in: 0 Fixed in: 1.1.9
Fix npm install express-fileupload@1.1.9

References