Lookup for vulnerable packages by Package URL.

Purl pkg:npm/multer@2.0.0
Type npm
Namespace
Name multer
Version 2.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.1.1
Latest_non_vulnerable_version 3.0.0-alpha.1
Affected_by_vulnerabilities
0
url VCID-1mcm-t5zu-skbu
vulnerability_id VCID-1mcm-t5zu-skbu
summary Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2359.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2359.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2359
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05455
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2359
2
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443350
reference_id 2443350
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2443350
4
reference_url https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab
reference_id cccf0fe0e64150c4f42ccf6654165c0d66b9adab
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:13:07Z/
url https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2359
reference_id CVE-2026-2359
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2359
6
reference_url https://www.cve.org/CVERecord?id=CVE-2026-2359
reference_id CVERecord?id=CVE-2026-2359
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:13:07Z/
url https://www.cve.org/CVERecord?id=CVE-2026-2359
7
reference_url https://github.com/advisories/GHSA-v52c-386h-88mc
reference_id GHSA-v52c-386h-88mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v52c-386h-88mc
8
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc
reference_id GHSA-v52c-386h-88mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:13:07Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc
9
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
10
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
11
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:13:07Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/multer@2.1.0
purl pkg:npm/multer@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t744-ytsg-dydy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.1.0
aliases CVE-2026-2359, GHSA-v52c-386h-88mc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mcm-t5zu-skbu
1
url VCID-75q2-tqb2-cub8
vulnerability_id VCID-75q2-tqb2-cub8
summary Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48997.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48997.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48997
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48411
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48997
2
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48997
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48997
4
reference_url https://github.com/expressjs/multer/issues/1233
reference_id 1233
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:29:57Z/
url https://github.com/expressjs/multer/issues/1233
5
reference_url https://github.com/expressjs/multer/pull/1256
reference_id 1256
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:29:57Z/
url https://github.com/expressjs/multer/pull/1256
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370084
reference_id 2370084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370084
7
reference_url https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
reference_id 35a3272b611945155e046dd5cef11088587635e9
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:29:57Z/
url https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
8
reference_url https://github.com/advisories/GHSA-g5hg-p3ph-g8qg
reference_id GHSA-g5hg-p3ph-g8qg
reference_type
scores
url https://github.com/advisories/GHSA-g5hg-p3ph-g8qg
9
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
reference_id GHSA-g5hg-p3ph-g8qg
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:29:57Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
10
reference_url https://access.redhat.com/errata/RHSA-2025:14090
reference_id RHSA-2025:14090
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14090
fixed_packages
0
url pkg:npm/multer@2.0.1
purl pkg:npm/multer@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mcm-t5zu-skbu
1
vulnerability VCID-gq87-pjtd-wyg5
2
vulnerability VCID-t744-ytsg-dydy
3
vulnerability VCID-uytp-m7m5-kufp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.0.1
aliases CVE-2025-48997, GHSA-g5hg-p3ph-g8qg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75q2-tqb2-cub8
2
url VCID-gq87-pjtd-wyg5
vulnerability_id VCID-gq87-pjtd-wyg5
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7338.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7338.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7338
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12729
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7338
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7338
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7338
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2381726
reference_id 2381726
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2381726
6
reference_url https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
reference_id adfeaf669f0e7fe953eab191a762164a452d143b
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-17T16:48:34Z/
url https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
7
reference_url https://github.com/advisories/GHSA-fjgf-rc76-4x9p
reference_id GHSA-fjgf-rc76-4x9p
reference_type
scores
url https://github.com/advisories/GHSA-fjgf-rc76-4x9p
8
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p
reference_id GHSA-fjgf-rc76-4x9p
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-17T16:48:34Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p
9
reference_url https://access.redhat.com/errata/RHSA-2025:14090
reference_id RHSA-2025:14090
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14090
10
reference_url https://access.redhat.com/errata/RHSA-2025:14767
reference_id RHSA-2025:14767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14767
11
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-17T16:48:34Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/multer@2.0.2
purl pkg:npm/multer@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mcm-t5zu-skbu
1
vulnerability VCID-t744-ytsg-dydy
2
vulnerability VCID-uytp-m7m5-kufp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.0.2
1
url pkg:npm/multer@3.0.0-alpha.1
purl pkg:npm/multer@3.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@3.0.0-alpha.1
aliases CVE-2025-7338, GHSA-fjgf-rc76-4x9p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gq87-pjtd-wyg5
3
url VCID-t744-ytsg-dydy
vulnerability_id VCID-t744-ytsg-dydy
summary Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3520.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3520
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20792
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3520
2
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2444584
reference_id 2444584
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2444584
4
reference_url https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752
reference_id 7e66481f8b2e6c54b982b34c152479e096ce2752
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:12:05Z/
url https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3520
reference_id CVE-2026-3520
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3520
6
reference_url https://www.cve.org/CVERecord?id=CVE-2026-3520
reference_id CVERecord?id=CVE-2026-3520
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:12:05Z/
url https://www.cve.org/CVERecord?id=CVE-2026-3520
7
reference_url https://github.com/advisories/GHSA-5528-5vmv-3xc2
reference_id GHSA-5528-5vmv-3xc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5528-5vmv-3xc2
8
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2
reference_id GHSA-5528-5vmv-3xc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:12:05Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2
9
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
10
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
11
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:12:05Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/multer@2.1.1
purl pkg:npm/multer@2.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.1.1
aliases CVE-2026-3520, GHSA-5528-5vmv-3xc2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t744-ytsg-dydy
4
url VCID-uytp-m7m5-kufp
vulnerability_id VCID-uytp-m7m5-kufp
summary Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3304.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3304
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05455
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3304
2
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443353
reference_id 2443353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2443353
4
reference_url https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee
reference_id 739919097dde3921ec31b930e4b9025036fa74ee
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:12:20Z/
url https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3304
reference_id CVE-2026-3304
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3304
6
reference_url https://www.cve.org/CVERecord?id=CVE-2026-3304
reference_id CVERecord?id=CVE-2026-3304
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:12:20Z/
url https://www.cve.org/CVERecord?id=CVE-2026-3304
7
reference_url https://github.com/advisories/GHSA-xf7r-hgr6-v32p
reference_id GHSA-xf7r-hgr6-v32p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf7r-hgr6-v32p
8
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p
reference_id GHSA-xf7r-hgr6-v32p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:12:20Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p
9
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
10
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
11
reference_url https://cna.openjsf.org/security-advisories.html
reference_id security-advisories.html
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T17:12:20Z/
url https://cna.openjsf.org/security-advisories.html
fixed_packages
0
url pkg:npm/multer@2.1.0
purl pkg:npm/multer@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t744-ytsg-dydy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.1.0
aliases CVE-2026-3304, GHSA-xf7r-hgr6-v32p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uytp-m7m5-kufp
Fixing_vulnerabilities
0
url VCID-1vav-v8et-fubc
vulnerability_id VCID-1vav-v8et-fubc
summary Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47935
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39025
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47935
1
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47935
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47935
3
reference_url https://github.com/expressjs/multer/pull/1120
reference_id 1120
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:29:22Z/
url https://github.com/expressjs/multer/pull/1120
4
reference_url https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
reference_id 2c8505f207d923dd8de13a9f93a4563e59933665
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:29:22Z/
url https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
5
reference_url https://github.com/advisories/GHSA-44fp-w29j-9vj5
reference_id GHSA-44fp-w29j-9vj5
reference_type
scores
url https://github.com/advisories/GHSA-44fp-w29j-9vj5
6
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
reference_id GHSA-44fp-w29j-9vj5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:29:22Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
fixed_packages
0
url pkg:npm/multer@2.0.0
purl pkg:npm/multer@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mcm-t5zu-skbu
1
vulnerability VCID-75q2-tqb2-cub8
2
vulnerability VCID-gq87-pjtd-wyg5
3
vulnerability VCID-t744-ytsg-dydy
4
vulnerability VCID-uytp-m7m5-kufp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.0.0
aliases CVE-2025-47935, GHSA-44fp-w29j-9vj5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vav-v8et-fubc
1
url VCID-hqd9-tffc-xqfk
vulnerability_id VCID-hqd9-tffc-xqfk
summary Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47944
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12729
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47944
1
reference_url https://github.com/expressjs/multer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expressjs/multer
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47944
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47944
3
reference_url https://github.com/expressjs/multer/issues/1176
reference_id 1176
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:13:42Z/
url https://github.com/expressjs/multer/issues/1176
4
reference_url https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
reference_id 2c8505f207d923dd8de13a9f93a4563e59933665
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:13:42Z/
url https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
5
reference_url https://github.com/advisories/GHSA-4pg4-qvpc-4q3h
reference_id GHSA-4pg4-qvpc-4q3h
reference_type
scores
url https://github.com/advisories/GHSA-4pg4-qvpc-4q3h
6
reference_url https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h
reference_id GHSA-4pg4-qvpc-4q3h
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:13:42Z/
url https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h
fixed_packages
0
url pkg:npm/multer@2.0.0
purl pkg:npm/multer@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mcm-t5zu-skbu
1
vulnerability VCID-75q2-tqb2-cub8
2
vulnerability VCID-gq87-pjtd-wyg5
3
vulnerability VCID-t744-ytsg-dydy
4
vulnerability VCID-uytp-m7m5-kufp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.0.0
aliases CVE-2025-47944, GHSA-4pg4-qvpc-4q3h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqd9-tffc-xqfk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.0.0