{"url":"http://public2.vulnerablecode.io/api/packages/74367?format=json","purl":"pkg:npm/multer@2.1.0","type":"npm","namespace":"","name":"multer","version":"2.1.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.1.0","latest_non_vulnerable_version":"2.1.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50461?format=json","vulnerability_id":"VCID-5bu8-gyb9-xug3","summary":"Multer vulnerable to Denial of Service via incomplete cleanup\nA vulnerability in Multer versions < 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion.","references":[{"reference_url":"https://cna.openjsf.org/security-advisories.html","reference_id":"","reference_type":"","scores":[],"url":"https://cna.openjsf.org/security-advisories.html"},{"reference_url":"https://github.com/expressjs/multer","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/expressjs/multer"},{"reference_url":"https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2026-3304","reference_id":"","reference_type":"","scores":[],"url":"https://www.cve.org/CVERecord?id=CVE-2026-3304"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3304","reference_id":"CVE-2026-3304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3304"},{"reference_url":"https://github.com/advisories/GHSA-xf7r-hgr6-v32p","reference_id":"GHSA-xf7r-hgr6-v32p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xf7r-hgr6-v32p"},{"reference_url":"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p","reference_id":"GHSA-xf7r-hgr6-v32p","reference_type":"","scores":[],"url":"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74367?format=json","purl":"pkg:npm/multer@2.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.1.0"}],"aliases":["CVE-2026-3304","GHSA-xf7r-hgr6-v32p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu8-gyb9-xug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50463?format=json","vulnerability_id":"VCID-w979-hsb8-dfbn","summary":"Multer vulnerable to Denial of Service via resource exhaustion\nA vulnerability in Multer versions < 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion.","references":[{"reference_url":"https://cna.openjsf.org/security-advisories.html","reference_id":"","reference_type":"","scores":[],"url":"https://cna.openjsf.org/security-advisories.html"},{"reference_url":"https://github.com/expressjs/multer","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/expressjs/multer"},{"reference_url":"https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2026-2359","reference_id":"","reference_type":"","scores":[],"url":"https://www.cve.org/CVERecord?id=CVE-2026-2359"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2359","reference_id":"CVE-2026-2359","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2359"},{"reference_url":"https://github.com/advisories/GHSA-v52c-386h-88mc","reference_id":"GHSA-v52c-386h-88mc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v52c-386h-88mc"},{"reference_url":"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc","reference_id":"GHSA-v52c-386h-88mc","reference_type":"","scores":[],"url":"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74367?format=json","purl":"pkg:npm/multer@2.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.1.0"}],"aliases":["CVE-2026-2359","GHSA-v52c-386h-88mc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w979-hsb8-dfbn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/multer@2.1.0"}