Usage of unsafe random function in form-data for choosing boundary
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Affected products
form-data
- ==4.0.0 - 4.0.3
- ==3.0.0 - 3.0.3
- ==< 2.5.4
Matching in nixpkgs
pkgs.python312Packages.streaming-form-data
Streaming parser for multipart/form-data
-
nixos-unstable -
- nixpkgs-unstable 1.13.0
pkgs.python313Packages.streaming-form-data
Streaming parser for multipart/form-data
-
nixos-unstable -
- nixpkgs-unstable 1.13.0
pkgs.chickenPackages_5.chickenEggs.multipart-form-data
Reads & decodes HTTP multipart/form-data requests.
-
nixos-unstable -
- nixpkgs-unstable 0.2
Package maintainers
-
@zhaofengli Zhaofeng Li <hello@zhaofeng.li>