VulnerableCode Package Details - pkg:npm/multer@2.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-t744-ytsg-dydy Aliases: CVE-2026-3520 GHSA-5528-5vmv-3xc2	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.	2.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-t744-ytsg-dydy
Aliases:
CVE-2026-3520
GHSA-5528-5vmv-3xc2

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.

2.1.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1mcm-t5zu-skbu	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.	CVE-2026-2359 GHSA-v52c-386h-88mc
VCID-uytp-m7m5-kufp	Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.	CVE-2026-3304 GHSA-xf7r-hgr6-v32p

Vulnerability

Summary

Aliases

VCID-1mcm-t5zu-skbu

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

CVE-2026-2359
GHSA-v52c-386h-88mc

VCID-uytp-m7m5-kufp

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

CVE-2026-3304
GHSA-xf7r-hgr6-v32p

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T21:18:13.866006+00:00	GitLab Importer	Affected by	VCID-t744-ytsg-dydy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-3520.yml	38.6.0
2026-06-12T15:50:56.849273+00:00	GitLab Importer	Fixing	VCID-1mcm-t5zu-skbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-2359.yml	38.6.0
2026-06-12T15:50:56.754603+00:00	GitLab Importer	Fixing	VCID-uytp-m7m5-kufp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/multer/CVE-2026-3304.yml	38.6.0
2026-06-12T07:49:49.872517+00:00	GithubOSV Importer	Fixing	VCID-1mcm-t5zu-skbu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-v52c-386h-88mc/GHSA-v52c-386h-88mc.json	38.6.0
2026-06-12T07:49:05.367735+00:00	GithubOSV Importer	Fixing	VCID-uytp-m7m5-kufp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-xf7r-hgr6-v32p/GHSA-xf7r-hgr6-v32p.json	38.6.0
2026-06-11T20:38:24.626522+00:00	GHSA Importer	Fixing	VCID-uytp-m7m5-kufp	https://github.com/advisories/GHSA-xf7r-hgr6-v32p	38.6.0
2026-06-11T20:38:24.608321+00:00	GHSA Importer	Fixing	VCID-1mcm-t5zu-skbu	https://github.com/advisories/GHSA-v52c-386h-88mc	38.6.0