3 matches found
EUVD-2026-36726
Multer vulnerable to Denial of Service via deeply nested field names...
CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
PT-2026-49233
Name of the Vulnerable Software and Affected Versions multer versions 1.0.0 through 2.1.1 multer version 3.0.0-alpha.1 Description A Denial of Service issue exists due to the way the append-field dependency parses bracket notation in field names within multipart form data. Because there is no lim...