WS-2019-0314 (Medium) detected in express-fileupload-0.0.5.tgz #8
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2019-0314 - Medium Severity Vulnerability
Simple express file upload middleware that wraps around connect-busboy
Library home page: https://registry.npmjs.org/express-fileupload/-/express-fileupload-0.0.5.tgz
Path to dependency file: /tmp/ws-scm/know-your-SNPs/package.json
Path to vulnerable library: /know-your-SNPs/node_modules/express-fileupload/package.json
Dependency Hierarchy:
Found in HEAD commit: 0648125b6d8826f363bffa8befdf03671d621976
There is a Denial of Service vulnerability was found in express-fileupload before1.1.6-alpha.6 if the request contains a large filename of '.' characters.
Publish Date: 2019-10-18
URL: WS-2019-0314
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1216
Release Date: 2019-12-01
Fix Resolution: express-fileupload - 1.1.6-alpha.6
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: