Fix out-of-band error event from busboy #1177
Conversation
|
I'm experiencing this as well. Can someone review this? Tests which actually trigger this behavior are missing from this PR. |
|
Any chance this will be merged any time soon? |
Yep we desparately need this. Only solution is to downgrade the package. |
|
Bump, any update? |
|
Any update on this? |
|
any update? |
There was a problem hiding this comment.
Perhaps the feature branch requires a rebase or it least the test commands needs to be updated to,
standard && mocha --reporter spec --bail --exit --check-leaks test/I have noticed that more test fails if its just kept to standard && mocha.
And just ran the test after changing the test command, still 2 test fails. One of them looks like this,
1) Disk Storage should process parser/form-data POST request:
Uncaught AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
1803 !== 1778
+ expected - actual
-1803
+1778
at test\disk-storage.js:45:14
at test\_util.js:26:7
at done (lib\make-middleware.js:47:7)
at indicateDone (lib\make-middleware.js:51:68)
at lib\make-middleware.js:157:11
at WriteStream.<anonymous> (storage\disk.js:43:9)
at WriteStream.emit (node:events:526:35)
at finish (node:internal/streams/writable:937:10)
at node:internal/streams/writable:918:13
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)I am not posting the 2nd one because it says "operation not permitted", thats mostly because I am on personal PC, windows right now and I don't want to mess it up lol. I will run the test from a different PC tomorrow.
max-mathieu
force-pushed
the
fix/unhandled-busboy-error
branch
from
30bcca1
to
37241f8
Compare
|
@IamLizu I branched off Since this issue allows an attacker to craft a malformed request and take down any express app that uses multer, should that be a CVE? That's one reason why I branched off |
Fixes #1176