A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. The vulnerability lies in the “express-fileupload”” component
Source: told The Daily Swig blog that the flaw might not impact all users.”