CVE-2020-7699

Published: 30/07/2020 Updated: 02/12/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

This affects the package express-fileupload prior to 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
express-fileupload project express-fileupload
netapp max data -

KALI BABA' Vulnerable Machine Technologies KALI BABA' Vulnerable Machine Technologies Paths Remote Access Local Access (Privilege Escalation) Tutorial Sitemap Paths ⚠️ DISCLAIMER: The following code only includes the web app part, if you are interested in having the 'ova' file of the complete virtual machine please contact one of the author

针对 CVE-2020-7699 的复现，软件安全原理课程大作业

CVE-2020-7699 Reproduction Reproduction for Nodejs RCE vulnerability(CVE-2020-7699), my lab work Setup Nodejs edition: v14161, please make sure that the edition of Nodejs is 14(Other edition will propably work, I didn't test) Python edition：395, Python is only used to send HTTP attack request, no specific edition required Just clone the repo, npm i to install depe

CWE-1321 https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969 https://github.com/richardgirges/express-fileupload/issues/236 https://security.netapp.com/advisory/ntap-20200821-0003/https://nvd.nist.gov https://github.com/AndreaDipa/KALI-BABA-Vulnerable-Machine https://github.com/hemaoqi-Tom/CVE-2020-7699_reproduce

CVE-2020-7699

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect