richardgirges / express-fileupload

Simple express file upload middleware that wraps around busboy
MIT License

Security Item #320

Closed skhilliard closed 2 years ago

skhilliard commented 2 years ago

It looks like there are two high level vulnerabilities reported:

https://ossindex.sonatype.org/vulnerability/CVE-2022-27140?component-type=npm&component-name=express-fileupload&utm_source=dependency-check&utm_medium=integration&utm_content=7.1.1

and

https://ossindex.sonatype.org/vulnerability/CVE-2022-27261?component-type=npm&component-name=express-fileupload&utm_source=dependency-check&utm_medium=integration&utm_content=7.1.1

Thanks, Kelly

richardgirges commented 2 years ago

Duplicate of https://github.com/richardgirges/express-fileupload/issues/316

Both of these security issues are unreviewed. I have a report from the author and we are in the process of investigating. Preliminary results show that some of the issues highlighted in the report are a result of bad-faith implementations of the express-fileupload package. We will be working to resolve all legitimate security vulnerabilities highlighted in the report.