Skip to content

fix: upgrade form-data to 2.5.4, 3.0.4, 4.0.4 (CVE-2025-7783)#218

Open
orbisai0security wants to merge 1 commit into
xMasterX:devfrom
orbisai0security:fix-cve-2025-7783-form-data
Open

fix: upgrade form-data to 2.5.4, 3.0.4, 4.0.4 (CVE-2025-7783)#218
orbisai0security wants to merge 1 commit into
xMasterX:devfrom
orbisai0security:fix-cve-2025-7783-form-data

Conversation

@orbisai0security

Copy link
Copy Markdown

Summary

Upgrade form-data from 4.0.0 to 2.5.4, 3.0.4, 4.0.4 to fix CVE-2025-7783.

Vulnerability

Field Value
ID CVE-2025-7783
Severity CRITICAL
Scanner trivy
Rule CVE-2025-7783
File non_catalog_apps/mp_flipper/package-lock.json
Assessment Likely exploitable

Description: form-data: Unsafe random function in form-data

Evidence

Scanner confirmation: trivy rule CVE-2025-7783 flagged this pattern.

Production code: This file is in the production codebase, not test-only code.

Changes

  • non_catalog_apps/mp_flipper/package.json
  • non_catalog_apps/mp_flipper/package-lock.json

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

This change addresses a pattern flagged by static analysis. The code path handles user-influenced input and the fix reduces the attack surface against both manual and automated exploitation.


Automated security fix by OrbisAI Security

Automated dependency upgrade by OrbisAI Security
@mishamyte mishamyte added category/tools App category: tools pack/non-catalog App in non_catalog_apps labels Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

category/tools App category: tools pack/non-catalog App in non_catalog_apps

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants