Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-5528-5vmv-3xc2

Опубликовано: 05 мар. 2026
Источник: github
Github: Прошло ревью
CVSS4: 8.7

Описание

Multer Vulnerable to Denial of Service via Uncontrolled Recursion

Impact

A vulnerability in Multer versions < 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow.

Patches

Users should upgrade to 2.1.1

Workarounds

None

Resources

Ссылки

Пакеты

Наименование

multer

npm
Затронутые версииВерсия исправления

< 2.1.1

2.1.1

EPSS

Процентиль: 18%
0.00058
Низкий

8.7 High

CVSS4

CVE ID

CVE-2026-3520

Дефекты

CWE-674

Связанные уязвимости

redhat логотип

CVE-2026-3520

CVSS3: 7.5
redhat
23 дня назад

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.

nvd логотип

CVE-2026-3520

CVSS3: 7.5
nvd
23 дня назад

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.

EPSS

Процентиль: 18%
0.00058
Низкий

8.7 High

CVSS4

CVE ID

CVE-2026-3520

Дефекты

CWE-674