{"source":1120744,"name":"form-data","dependency":"form-data","title":"form-data: CRLF injection in form-data via unescaped multipart field names and filenames","url":"https://github.com/advisories/GHSA-hmw2-7cc7-3qxx","severity":"high","versions":["0.0.0","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.0.10","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.2.0","1.0.0-rc1","1.0.0-rc2","1.0.0-rc3","1.0.0-rc4","1.0.0","1.0.1","2.0.0","2.1.0","2.1.1","2.1.2","2.1.4","2.2.0","2.3.1","2.3.2-rc1","2.3.2","2.3.3","2.4.0","2.5.0","2.5.1","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6"],"vulnerableVersions":["3.0.0","3.0.1","3.0.2","3.0.3","3.0.4"],"cwe":["CWE-93"],"cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"range":">=3.0.0 <3.0.5","id":"7da5OgX4vg/NZgU7qOndu9NP6flBbWLWfacjkSc6/MUnyYKHn4iz1v0juYnzE/R3wVEabuHtHoyJztRey0j4sg=="}