Vulnerable Library - server-sdk-3.12.2.tgz
Path to dependency file: /video-express/functions/package.json
Path to vulnerable library: /video-express/functions/package.json
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-7783
Vulnerable Library - form-data-4.0.0.tgz
A library to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications.
Library home page: https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz
Path to dependency file: /video-express/functions/package.json
Path to vulnerable library: /video-express/functions/package.json
Dependency Hierarchy:
- server-sdk-3.12.2.tgz (Root Library)
- messages-1.11.2.tgz
- vetch-1.7.1.tgz
- node-fetch-2.6.11.tgz
- ❌ form-data-4.0.0.tgz (Vulnerable Library)
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.
This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-18
URL: CVE-2025-7783
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.4%
CVSS 3 Score Details (8.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-fjxv-7rqg-78g4
Release Date: 2025-07-18
Fix Resolution (form-data): 4.0.4
Direct dependency fix Resolution (@vonage/server-sdk): 3.13.1
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Path to dependency file: /video-express/functions/package.json
Path to vulnerable library: /video-express/functions/package.json
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - form-data-4.0.0.tgz
A library to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications.
Library home page: https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz
Path to dependency file: /video-express/functions/package.json
Path to vulnerable library: /video-express/functions/package.json
Dependency Hierarchy:
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.
This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-18
URL: CVE-2025-7783
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.4%
CVSS 3 Score Details (8.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-fjxv-7rqg-78g4
Release Date: 2025-07-18
Fix Resolution (form-data): 4.0.4
Direct dependency fix Resolution (@vonage/server-sdk): 3.13.1
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.