@rpldy/uploader prototype pollution

Severity:: High

Description

A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Recommendation

Update the @rpldy/uploader package to the latest compatible version. Followings are version details:

Affected version(s): < 1.9.1
Patched version(s): 1.9.1

References

GHSA-pc47-g7gv-4gpw
CVE-2024-57082
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

njwt Prototype Pollution vulnerability - CVE-2024-34273
uPlot Prototype Pollution vulnerability - CVE-2024-21489
DOMPurify allows tampering by prototype pollution - CVE-2024-45801
Prototype pollution in ag-grid-community via the _.mergeDeep function - CVE-2024-38996

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; @rpldy/uploader

Anything's wrong? Let us know Last updated on February 21, 2025