logo

Database

Lack of data validation In aws-lambda-multipart-parser

Description

AWS Lambda parser is vulnerable to Regular Expression Denial of Service index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-75602. NVD-2018-75603. OSV-2018-75604. GHSA-6jqp-j69q-pm625. GCVE-2018-7560

References

1. https://github.com/myshenin/aws-lambda-multipart-parser/commit/56ccb03af4dddebc2b2defb348b6558783d5757e

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.