Critical AdonisJS Vulnerability Enables Remote Arbitrary File Write

January 6, 2026 at 03:30 AM

•

1 min read

Critical AdonisJS Vulnerability Enables Remote Arbitrary File Write — Photo: The Hacker News

TL;DR Summary

A critical security flaw (CVSS 9.2) in the '@adonisjs/bodyparser' npm package allows remote attackers to perform arbitrary file writes on servers through path traversal in multipart file handling, emphasizing the need for immediate updates to affected versions. Additionally, a similar high-severity vulnerability was found in the jsPDF library, which has been patched in version 4.0.0.

Topics:technology #adonisjs #bodyparser #cvss-92 #file-write #vulnerability #web-security

Share this article

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers The Hacker News
Critical AdonisJS Vulnerability Allows Remote Attackers to Write Files on Servers Cyber Press
Critical AdonisJS Vulnerability Allows Remote Attackers to Write Files on Server gbhackers.com
Critical AdonisJS Vulnerability Allow Remote Attacker to Write Files On Server CybersecurityNews

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

88%

471 → 55 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights