CVE-2022-27261

Published April 12th, 2022

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

express-fileupload

Simple express file upload middleware that wraps around Busboy

NPM