Critical AdonisJS Vulnerability Enables Remote Arbitrary File Write
Originally Published 6 days ago — by The Hacker News
A critical security flaw (CVSS 9.2) in the '@adonisjs/bodyparser' npm package allows remote attackers to perform arbitrary file writes on servers through path traversal in multipart file handling, emphasizing the need for immediate updates to affected versions. Additionally, a similar high-severity vulnerability was found in the jsPDF library, which has been patched in version 4.0.0.