Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-v52c-386h-88mc

Опубликовано: 01 мар. 2026
Источник: github
Github: Прошло ревью
CVSS4: 8.7

Описание

Multer vulnerable to Denial of Service via resource exhaustion

Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion.

Patches

Users should upgrade to 2.1.0

Workarounds

None

Ссылки

Пакеты

Наименование

multer

npm
Затронутые версииВерсия исправления

< 2.1.0

2.1.0

EPSS

Процентиль: 4%
0.00017
Низкий

8.7 High

CVSS4

CVE ID

CVE-2026-2359

Дефекты

CWE-772

Связанные уязвимости

redhat логотип

CVE-2026-2359

CVSS3: 7.5
redhat
30 дней назад

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

nvd логотип

CVE-2026-2359

CVSS3: 7.5
nvd
29 дней назад

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

EPSS

Процентиль: 4%
0.00017
Низкий

8.7 High

CVSS4

CVE ID

CVE-2026-2359

Дефекты

CWE-772