Skip to content

[WEB-4155][Aikido] Fix critical issue in form-data via minor version upgrade from 4.0.0 to 4.0.5#6

Open
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/aikido-security-update-packages-27416583-gfqm
Open

[WEB-4155][Aikido] Fix critical issue in form-data via minor version upgrade from 4.0.0 to 4.0.5#6
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/aikido-security-update-packages-27416583-gfqm

Conversation

@aikido-autofix

Copy link
Copy Markdown

Upgrade form-data to fix critical HTTP Parameter Pollution vulnerability caused by insufficiently random values.

⚠️ Breaking changes analysis not available for: form-data

✅ 1 CVE resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

Issue Severity           Description
CVE-2025-7783
🚨 CRITICAL
[form-data] Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.

This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

@anonpran anonpran changed the title [Aikido] Fix critical issue in form-data via minor version upgrade from 4.0.0 to 4.0.5 [WEB-4155][Aikido] Fix critical issue in form-data via minor version upgrade from 4.0.0 to 4.0.5 Apr 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants