org.webjars.npm:multer@1.4.4-lts.1 vulnerabilities

latest version

1.4.5-lts.1

first published

6 years ago

latest version published

2 years ago

licenses detected

MIT
[1.4.4,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:multer package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Uncaught Exception Affected versions of this package are vulnerable to Uncaught Exception due to an `error` event thrown by `busboy`. An attacker can cause a full nodejs application to crash by sending a specially crafted multi-part upload request. How to fix Uncaught Exception? A fix was pushed into the `master` branch but not yet published.	[0,)
H Missing Release of Memory after Effective Lifetime Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper handling of error events in HTTP request streams, which fails to close the internal `busboy` stream. An attacker can cause a denial of service by repeatedly triggering errors in file upload streams, leading to resource exhaustion and memory leaks. Note: This is only exploitable if the server is handling file uploads. How to fix Missing Release of Memory after Effective Lifetime? A fix was pushed into the `master` branch but not yet published.	[0,)

Uncaught Exception

Affected versions of this package are vulnerable to Uncaught Exception due to an error event thrown by busboy. An attacker can cause a full nodejs application to crash by sending a specially crafted multi-part upload request.

How to fix Uncaught Exception?

A fix was pushed into the master branch but not yet published.

[0,)

Missing Release of Memory after Effective Lifetime

Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper handling of error events in HTTP request streams, which fails to close the internal busboy stream. An attacker can cause a denial of service by repeatedly triggering errors in file upload streams, leading to resource exhaustion and memory leaks.

Note:

This is only exploitable if the server is handling file uploads.

How to fix Missing Release of Memory after Effective Lifetime?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package