An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1mamdmLXJjNzYtNHg5cM4ABKP9

Severity: High
EPSS: 0.00049% (0.15219 percentile)

Multer vulnerable to Denial of Service via unhandled exception from malformed request

Affected package: npm:multer
Affected versions: >= 1.4.4-lts.1, < 2.0.2
Fixed versions: 2.0.2

4,202 dependent packages
323,227 dependent repositories
33,367,495 downloads last month

Affected Version Ranges

All affected versions

1.4.4, 1.4.4-lts.1, 2.0.0, 2.0.1

All unaffected versions

0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.6, 0.1.7, 0.1.8, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 2.0.2

Impact

A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.
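The practical question for a defender is whether an installed multer version sits inside the advisory's range. The range starts at a pre-release (1.4.4-lts.1), and under semver a pre-release sorts before its release, so 1.4.4 itself is affected while 1.4.3 is not, which matches the version lists above. The following is an added example, not code from the advisory or from the multer project, that implements that comparison without depending on the semver package; the lock-file entries it audits are constructed sample data.

```javascript
// Added example (not from the advisory): check whether a multer version falls
// inside the affected range >= 1.4.4-lts.1, < 2.0.2. Implements the semver
// ordering rules needed here, including the rule that a pre-release such as
// 1.4.4-lts.1 sorts before the 1.4.4 release with the same core.

const AFFECTED_LOWER = "1.4.4-lts.1"; // inclusive lower bound
const FIXED = "2.0.2";                // exclusive upper bound (the fixed release)

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split(".") : [], // pre-release identifiers, if any
  };
}

// Compare two pre-release identifiers per semver: numeric ones compare as
// numbers and sort before alphanumeric ones; alphanumeric ones compare as text.
function compareIdentifiers(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Number(a) - Number(b);
  if (an) return -1;
  if (bn) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Returns <0, 0 or >0 like a sort comparator.
function compareVersions(x, y) {
  const a = parseVersion(x), b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  // Same core: a release outranks any pre-release of that core.
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const c = compareIdentifiers(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return a.pre.length - b.pre.length; // longer pre-release list sorts later
}

function isAffected(version) {
  return compareVersions(version, AFFECTED_LOWER) >= 0 &&
         compareVersions(version, FIXED) < 0;
}

// Constructed sample: dependency entries as they might appear in a lock file.
// Returns the "name@version" strings that need the 2.0.2 upgrade.
function auditLockEntries(entries) {
  return entries
    .filter(e => e.name === "multer" && isAffected(e.version))
    .map(e => `${e.name}@${e.version}`);
}

const sampleLock = [
  { name: "multer", version: "2.0.0" },   // constructed: inside the range
  { name: "multer", version: "2.0.2" },   // constructed: the fixed release
  { name: "express", version: "4.19.2" }, // constructed: unrelated package
];
console.log(auditLockEntries(sampleLock));
```

Run it with Node; any entry it prints is a copy of multer that the advisory says should be upgraded to 2.0.2.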

Patches

Users should upgrade to 2.0.2.

Workarounds

None

References: