Severity
9.4
Critical severity
Details
- CVSS score
- 9.4
- CVSS vector
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Overview
About vulnerability
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.
This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Details
- Affected product:
- Acorn , AlmaLinux 9.2 ESU , Angular , Next.js , Node.js , TuxCare 9.6 ESU , Ubuntu 16.04 ELS , Ubuntu 18.04 ELS , browser-env , cacheable-request , canvg , condition-travis , form-data , got , jQuery , javascript-test-reporter , jpm , jsdom , jspdf , last-release-npm , libcipm , libnpm , loopback , loopback-connector-remote , ng-packagr , npm , npm-lifecycle , npm-registry-client , protractor , request , requestretry , sass-loader , semantic-release , sign-addon , strong-remoting , styled-jsx , travis-deploy-once , webdriver-manager , window , yui
- Affected packages:
- form-data @ 1.0.0 (+117 more)
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.
This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.