An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This vulnerability is debated by the package author.
CPE | Name | Operator | Version |
---|---|---|---|
express-fileupload | le | 1.3.1 |