5 matches found
CVE-2026-5079
The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...
CVE-2026-5038
MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...
CVE-2026-2359
Multer (Node.js middleware for multipart/form-data) is affected by a DoS vulnerability in versions prior to 2.1.0. The issue arises when a sender drops the connection during file upload, potentially exhausting resources. The advisory recommends upgrading to version 2.1.0, with no published workar...
CVE-2026-3304
Multer (Node.js middleware for handling multipart/form-data) is affected by CVE-2026-3304: versions prior to 2.1.0 are vulnerable to a Denial of Service via malformed requests, potentially exhausting resources. The issue is addressed by upgrading to version 2.1.0; no public workarounds are docume...
CVE-2026-3520
Multer, a Node.js middleware for multipart/form-data, has a DoS vulnerability in versions prior to 2.1.1. Malformed requests can trigger uncontrolled recursion and a stack overflow, impacting availability. The recommended fix is to upgrade to version 2.1.1; no workarounds are provided in the desc...