Описание
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:express-fileupload_project:express-fileupload:1.3.1:*:*:*:*:node.js:*:*
EPSS
Процентиль: 59%
0.00377
Низкий
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
EPSS
Процентиль: 59%
0.00377
Низкий
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-434