The file upload process appears vulnerable to file overwrite because the original filenames are preserved and all uploaded files are dumped into a files/ directory. The application should not trust input from an external source, and should parse it appropriately.

See line 15, in which the file.originalname (untrusted input) is used as the name of the file on disk. multer strips path characters from the filename="" in the multipart upload so you get restricted to the files/ directory, but if you know the name of any other file you can clobber it with your own with a filename collision in the filename="" part of the multipart upload.

This is an explicit override of the multer diskStorage callback which does this random filename generation for this reason.

Remember, file upload is dangerous. Please review OWASP for more information.

Hi...
As I read your code and stumbled about the 20mb size limit I also read about it on how to store files in a mongodb using gridfs. It seems that using gridfs would automatically break this barrier which "should" be 16mb from my pov(?).
So, what do you think about using this instead of plain store the file as a documents in a schema?
Best regards,
Marius

Resources:
https://docs.mongodb.com/manual/core/gridfs/
https://www.mongodb.com/blog/post/building-mongodb-applications-binary-files-using-gridfs-part-1?jmp=docs
https://www.npmjs.com/package/mongoose-gridfs

Dependabot can't resolve your JavaScript dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Error while updating /package-lock.json:
No matching version found for [email protected]

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

How to change the max file size upload.

I set max size so notify will return

I integrate multer with cloudinary https://github.com/affanshahid/multer-storage-cloudinary. When i upload from another site, sometime throw error.
I'm not pro Nodejs. So can you suggest to fix it.

UNHANDLED_REJECTION:  { error:
   { Error: connect ETIMEDOUT 52.1.216.155:443
    at Object._errnoException (util.js:992:11)
    at _exceptionWithHostPort (util.js:1014:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1186:14)
     code: 'ETIMEDOUT',
     errno: 'ETIMEDOUT',
     syscall: 'connect',
     address: '52.1.216.155',
     port: 443 } }
UNHANDLED_EXCEPTION:  TypeError: Cannot read property 'toString' of undefined
    at process.once.err (C:\My Web Sites\DropIt-Clouddinary\app.js:330:52)
    at Object.onceWrapper (events.js:317:30)
    at emitTwo (events.js:126:13)
    at process.emit (events.js:214:7)
    at C:\My Web Sites\DropIt-Clouddinary\node_modules\q\q.js:1079:25
    at runSingle (C:\My Web Sites\DropIt-Clouddinary\node_modules\q\q.js:137:1
    at flush (C:\My Web Sites\DropIt-Clouddinary\node_modules\q\q.js:130:13)
    at _combinedTickCallback (internal/process/next_tick.js:131:7)
    at process._tickCallback (internal/process/next_tick.js:180:9)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] start: `node app.js`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] start script.
npm ERR! This is probably not a problem with npm. There is likely additional lging output above.

Hi,

This project really looks cool!

I've a question here. Can I store the images to S3?
How? Do you have sample code for that?

Thank you.