CNNVD-202507-2459 Information
CNNVD ID
CNNVD-202507-2459
Related CVE
- CNNVD Published: 2025-07-18
Description (Chinese)
Form-Data是FormData开源的一个用于创建可读的表单数据流的模块。可用于向其他web应用程序提交表单和文件上传。 form-data 2.5.4之前版本、3.0.0至3.0.3版本和4.0.0至4.0.3版本存在安全漏洞,该漏洞源于随机性不足,可能导致HTTP参数污染攻击。
Description (English)
Form-Data is an open source for FormData, a module for creating readable form data streams. Available for uploading forms and files to other web applications. There is a safety loophole in previous versions of form-data 2.5.4, versions 3.0.0 to 3.0.3 and versions 4.0.0 to 4.0.3, which stems from random insufficiency and may lead to pollution attacks by HTTP parameters.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
FormData
Published
2025-07-18
Last Modified
2026-02-24
References
https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0 https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
Patch
https://www.npmjs.com/package/form-data
Share on: