GHSA-3p4h-7m6x-2hcmMediumCVSS 5.3
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
🔗 CVE IDs covered (1)
📋 Description
Impact
A vulnerability in Multer allows an attacker to trigger a Denial of Service (DoS) by aborting or sending malformed multipart uploads, causing orphaned partial files to accumulate on disk when using diskStorage.
Patches
Users should upgrade to 2.2.0, 3.0.0-alpha.2 or higher
Workarounds
None
🎯 Affected products2
- npm/multer:>= 2.0.0-alpha.1, < 2.2.0
- npm/multer:>= 3.0.0-alpha.1, < 3.0.0-alpha.2