CVE-2020-7699

Summary

This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
n/aexpress-fileuploadunspecified < 1.1.8affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References