CNNVD-202601-079 Information

CNNVD ID

CNNVD-202601-079

CVE-2026-21440

  • CNNVD Published: 2026-01-02

Description (Chinese)

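bodyparser is an open-source BodyParser middleware for AdonisJS, from AdonisJS Framework. bodyparser versions 10.1.1 and earlier, and versions before 11.0.0-next.6, contain a path traversal vulnerability. The vulnerability stems from path traversal in multipart file handling and may allow arbitrary files to be written to arbitrary locations on the server file system.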

Description (English)

Bodyparser is an open-source BodyParser middleware for the AdonisJS Framework. Bodyparser 10.1.1 and earlier, and versions before 11.0.0-next.6, have a path traversal vulnerability, which stems from path traversal in multipart file handling and may lead to the writing of arbitrary files to any location in the server file system.

Hazard Level

Low

Vulnerability Type

Path traversal

Affected Vendor

AdonisJS Framework

Published

2026-01-02

Last Modified

2026-02-24

References

  • https://github.com/adonisjs/bodyparser/commit/143a16f35602be8561215611582211dec280cae6
  • https://github.com/adonisjs/bodyparser/commit/6795c0e3fa824ae275bbd992aae60609e96f0f03
  • https://github.com/adonisjs/bodyparser/releases/tag/v10.1.2
  • https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.6
  • https://github.com/adonisjs/core/security/advisories/GHSA-gvq6-hvvp-h34h
  • https://access.redhat.com/security/cve/cve-2026-21440

Patch

https://github.com/adonisjs/bodyparser/releases
