VulnerableCode Package Details - pkg:npm/multer@2.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1mcm-t5zu-skbu Aliases: CVE-2026-2359 GHSA-v52c-386h-88mc	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.	2.1.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gq87-pjtd-wyg5 Aliases: CVE-2025-7338 GHSA-fjgf-rc76-4x9p		2.0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.0-alpha.1 Affected by 0 other vulnerabilities.
VCID-t744-ytsg-dydy Aliases: CVE-2026-3520 GHSA-5528-5vmv-3xc2	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.	2.1.1 Affected by 0 other vulnerabilities.
VCID-uytp-m7m5-kufp Aliases: CVE-2026-3304 GHSA-xf7r-hgr6-v32p	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.	2.1.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1mcm-t5zu-skbu
Aliases:
CVE-2026-2359
GHSA-v52c-386h-88mc

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

2.1.0
Affected by 1 other vulnerability.

VCID-gq87-pjtd-wyg5
Aliases:
CVE-2025-7338
GHSA-fjgf-rc76-4x9p

2.0.2
Affected by 3 other vulnerabilities.

3.0.0-alpha.1
Affected by 0 other vulnerabilities.

VCID-t744-ytsg-dydy
Aliases:
CVE-2026-3520
GHSA-5528-5vmv-3xc2

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.

2.1.1
Affected by 0 other vulnerabilities.

VCID-uytp-m7m5-kufp
Aliases:
CVE-2026-3304
GHSA-xf7r-hgr6-v32p

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

2.1.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-75q2-tqb2-cub8	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.	CVE-2025-48997 GHSA-g5hg-p3ph-g8qg

Vulnerability

Summary

Aliases

VCID-75q2-tqb2-cub8

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.

CVE-2025-48997
GHSA-g5hg-p3ph-g8qg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-15T01:55:35.726399+00:00	GHSA Importer	Fixing	VCID-75q2-tqb2-cub8	https://github.com/advisories/GHSA-g5hg-p3ph-g8qg	38.6.0
2026-06-12T21:18:13.857747+00:00	GitLab Importer	Affected by	VCID-t744-ytsg-dydy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-3520.yml	38.6.0
2026-06-12T21:11:40.428285+00:00	GitLab Importer	Affected by	VCID-1mcm-t5zu-skbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-2359.yml	38.6.0
2026-06-12T21:11:34.765256+00:00	GitLab Importer	Affected by	VCID-uytp-m7m5-kufp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-3304.yml	38.6.0
2026-06-12T20:07:17.607250+00:00	GitLab Importer	Affected by	VCID-gq87-pjtd-wyg5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2025-7338.yml	38.6.0
2026-06-12T20:03:24.459518+00:00	GitLab Importer	Fixing	VCID-75q2-tqb2-cub8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2025-48997.yml	38.6.0
2026-06-12T07:55:05.553061+00:00	GithubOSV Importer	Fixing	VCID-75q2-tqb2-cub8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-g5hg-p3ph-g8qg/GHSA-g5hg-p3ph-g8qg.json	38.6.0