CVE-2026-12143 - form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)
CVE ID :CVE-2026-12143 Published : June 12, 2026, 6:01 p.m. | 1 hour, 6 minutes ago Description :form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim...