Skip to content

Fix security issue in form-data via minor version upgrade from 2.5.2 to 2.5.4#186

Closed
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/aikido-security-update-packages-5830407-9Yqo
Closed

Fix security issue in form-data via minor version upgrade from 2.5.2 to 2.5.4#186
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/aikido-security-update-packages-5830407-9Yqo

Conversation

@aikido-autofix

@aikido-autofix aikido-autofix Bot commented Jul 23, 2025

Copy link
Copy Markdown
Contributor

This PR will resolve the following CVEs:

CVE ID Severity Description
CVE-2025-7783
HIGH
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.

This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Summary by Sourcery

Bug Fixes:

  • Bump form-data from <=2.5.2 to 2.5.4 to resolve a Use of Insufficiently Random Values vulnerability causing HTTP Parameter Pollution.

@aikido-autofix aikido-autofix Bot closed this Jul 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants