Lucene search
K
ExpressjsMulter

5 matches found

CVE
CVE
added 2026/06/15 1:56 p.m.278 views

CVE-2026-5079

The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...

7.5CVSS5.4AI score0.00278EPSS
CVE
CVE
added 2026/06/15 2:23 p.m.76 views

CVE-2026-5038

MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...

7.5CVSS5.3AI score0.00278EPSS
CVE
CVE
added 2026/02/27 3:42 p.m.47 views

CVE-2026-2359

Multer (Node.js middleware for multipart/form-data) is affected by a DoS vulnerability in versions prior to 2.1.0. The issue arises when a sender drops the connection during file upload, potentially exhausting resources. The advisory recommends upgrading to version 2.1.0, with no published workar...

8.7CVSS5.9AI score0.00663EPSS
CVE
CVE
added 2026/02/27 3:44 p.m.33 views

CVE-2026-3304

Multer (Node.js middleware for handling multipart/form-data) is affected by CVE-2026-3304: versions prior to 2.1.0 are vulnerable to a Denial of Service via malformed requests, potentially exhausting resources. The issue is addressed by upgrading to version 2.1.0; no public workarounds are docume...

8.7CVSS5.9AI score0.00663EPSS
CVE
CVE
added 2026/03/04 4:17 p.m.32 views

CVE-2026-3520

Multer, a Node.js middleware for multipart/form-data, has a DoS vulnerability in versions prior to 2.1.1. Malformed requests can trigger uncontrolled recursion and a stack overflow, impacting availability. The recommended fix is to upgrade to version 2.1.1; no workarounds are provided in the desc...

8.7CVSS6AI score0.00713EPSS