Description
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
Remediation
References
https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
https://github.com/richardgirges/express-fileupload/issues/236
https://security.netapp.com/advisory/ntap-20200821-0003/
Related Vulnerabilities
CVE-2022-0198 Vulnerability in maven package edu.stanford.nlp:stanford-corenlp
CVE-2021-46320 Vulnerability in npm package @openzeppelin/contracts
CVE-2022-41376 Vulnerability in npm package metro4
CVE-2018-1000160 Vulnerability in npm package @risingstack/protect
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-common