Arbitrary File Upload Vulnerability in Connect-Multiparty by Connect
CVE-2022-29623

7.8HIGH

Key Information:

Vendor: Connect-multiparty Project
Status: Connect-multiparty
Vendor: CVE Published:; 16 May 2022

🔔 Create Connect-multiparty Project Vulnerability Alert

What is CVE-2022-29623?

An arbitrary file upload vulnerability exists in Connect-Multiparty version 2.2.0, permitting attackers to upload malicious files, such as specially crafted PDF documents. This flaw can potentially enable the execution of arbitrary code on the server, posing significant security risks for users and allowing unauthorized control over the affected systems.

References

https://www.youtube.com/watch?v=i3xJR-91rrM

https://github.com/expressjs/connect-multiparty/releases/...

https://www.npmjs.com/package/connect-multiparty

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2022
Vulnerability Reserved
Apr 25, 2022

CVE-2022-29623 Data

JSON