Nixpkgs security tracker

Permalink CVE-2025-7783

created 9 months ago Activity log

Created suggestion 9 months ago

Usage of unsafe random function in form-data for choosing boundary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

References

Affected products

form-data

==3.0.0 - 3.0.3
==< 2.5.4
==4.0.0 - 4.0.3

Matching in nixpkgs

pkgs.python311Packages.streaming-form-data

Streaming parser for multipart/form-data

nixos-unstable 1.13.0
- nixpkgs-unstable 1.13.0
- nixos-unstable-small 1.13.0

pkgs.python312Packages.streaming-form-data

Streaming parser for multipart/form-data

nixos-unstable 1.13.0
- nixpkgs-unstable 1.13.0
- nixos-unstable-small 1.13.0

pkgs.python313Packages.streaming-form-data

Streaming parser for multipart/form-data

nixos-unstable 1.13.0
- nixpkgs-unstable 1.13.0
- nixos-unstable-small 1.13.0

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

nixos-unstable 0.2
- nixpkgs-unstable 0.2
- nixos-unstable-small 0.2

Package maintainers

@zhaofengli Zhaofeng Li <hello@zhaofeng.li>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.python311Packages.streaming-form-data

pkgs.python312Packages.streaming-form-data

pkgs.python313Packages.streaming-form-data

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Package maintainers