201 matches found
Malicious code in multer-orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb45c09aa7a237b2b9ff18ccf6426b76a4f46e5ea665c7747f35a345940e161 multer-orm is a typosquat of the widely used multer middleware. Its README is copied from multer, but the package adds a load-time dropper in...
ROOT-APP-NPM-CVE-2026-3520 CVE-2026-3520 in @rootio/multer - Patched by Root
Root has patched CVE-2026-3520 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-47944 CVE-2025-47944 in @rootio/multer - Patched by Root
Root has patched CVE-2025-47944 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-7338 CVE-2025-7338 in @rootio/multer - Patched by Root
Root has patched CVE-2025-7338 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root
Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root
Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-2359 CVE-2026-2359 in @rootio/multer - Patched by Root
Root has patched CVE-2026-2359 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-47935 CVE-2025-47935 in @rootio/multer - Patched by Root
Root has patched CVE-2025-47935 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-3304 CVE-2026-3304 in @rootio/multer - Patched by Root
Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
Malicious code in multer-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...
MAL-2026-6387 Malicious code in multer-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...
Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
EUVD-2026-36726
Multer vulnerable to Denial of Service via deeply nested field names...
EUVD-2026-36728
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...
CVE-2026-5038
Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...
CVE-2026-5038 multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...
CVE-2026-5038
MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...
CVE-2026-5079
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...