express-fileupload

Releases50

Frequency2 months 1 week

Last Release 11 months ago

Simple express file upload middleware that wraps around Busboy

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-27261 ↗	Apr 12, 2022Tuesday, 12 April 2022, 17:15	7.5 HIGH	4.3 MEDIUM
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.