exploitDog

CVE-2026-3304

Published: 27 Feb 2026
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/log-file-metric-exporter-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/vector-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/vector-rhel9 | Not affected | | |
| Red Hat Developer Hub | rhdh/rhdh-hub-rhel9 | Affected | | |
| Red Hat Enterprise Linux 10 | fido-device-onboard | Not affected | | |

Additional information

Status: Important
Defect: CWE-459
https://bugzilla.redhat.com/show_bug.cgi?id=2443353 multer: Multer: Denial of Service via malformed requests

EPSS

Percentile: 4%
0.00017
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
nvd
28 days ago

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

github
26 days ago

Multer vulnerable to Denial of Service via incomplete cleanup
