CVE-2020-7699
Published
CVSS v3
7.5
HIGH
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
Simple express file upload middleware that wraps around busboy
GitHub