Package details: pkg:npm/multer@1.0.6
purl pkg:npm/multer@1.0.6
Next non-vulnerable version 2.1.1
Latest non-vulnerable version 3.0.0-alpha.1
Risk
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-1mcm-t5zu-skbu (aliases: CVE-2026-2359, GHSA-v52c-386h-88mc) | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | 2.1.0 (affected by 1 other vulnerability) |
| VCID-1vav-v8et-fubc (aliases: CVE-2025-47935, GHSA-44fp-w29j-9vj5) | Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. | 2.0.0 (affected by 5 other vulnerabilities) |
| VCID-t744-ytsg-dydy (aliases: CVE-2026-3520, GHSA-5528-5vmv-3xc2) | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available. | 2.1.1 (affected by 0 other vulnerabilities) |
| VCID-uytp-m7m5-kufp (aliases: CVE-2026-3304, GHSA-xf7r-hgr6-v32p) | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | 2.1.0 (affected by 1 other vulnerability) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-12T21:18:13.744556+00:00 | GitLab Importer | Affected by | VCID-t744-ytsg-dydy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-3520.yml | 38.6.0 |
| 2026-06-12T21:11:40.316667+00:00 | GitLab Importer | Affected by | VCID-1mcm-t5zu-skbu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-2359.yml | 38.6.0 |
| 2026-06-12T21:11:34.629813+00:00 | GitLab Importer | Affected by | VCID-uytp-m7m5-kufp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-3304.yml | 38.6.0 |
| 2026-06-12T20:01:54.883176+00:00 | GitLab Importer | Affected by | VCID-1vav-v8et-fubc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2025-47935.yml | 38.6.0 |