CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
express-fileupload_projectexpress-fileupload
1.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.npmjs.com/package/express-fileupload
https://www.youtube.com/watch?v=3ROHB3ck4tA
https://www.npmjs.com/package/express-fileupload
https://www.youtube.com/watch?v=3ROHB3ck4tA