exploitDog

GHSA-xf7r-hgr6-v32p

Published: 01 Mar 2026
Source: github
Github: Reviewed
CVSS4: 8.7

Description

Multer vulnerable to Denial of Service via incomplete cleanup

Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion.

Patches

Users should upgrade to 2.1.0.

Workarounds

None

Packages

Name: multer (npm)
Affected versions: < 2.1.0
Fixed version: 2.1.0

EPSS

Percentile: 4%
0.00017
Low

8.7 High

CVSS4

Weaknesses

CWE-459

Related vulnerabilities

CVSS3: 7.5
redhat
28 days ago

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

CVSS3: 7.5
nvd
28 days ago

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
