An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report.
References
| Link | Resource |
|---|---|
| https://github.com/expressjs/connect-multiparty/releases/tag/2.2.0 | |
| https://www.npmjs.com/package/connect-multiparty | |
| https://www.youtube.com/watch?v=i3xJR-91rrM | Exploit Third Party Advisory |
| https://www.youtube.com/watch?v=i3xJR-91rrM | Exploit Third Party Advisory |
Configurations
History
20 May 2025, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| Summary | (en) An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report. |
21 Nov 2024, 06:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.youtube.com/watch?v=i3xJR-91rrM - Exploit, Third Party Advisory |
Information
Published : 2022-05-16 14:15
Updated : 2025-05-20 06:15
NVD link : CVE-2022-29623
Mitre link : CVE-2022-29623
CVE.ORG link : CVE-2022-29623
JSON object : View
Products Affected
connect-multiparty_project
- connect-multiparty
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type