multer 1.2.0

Direct Vulnerabilities

Known vulnerabilities in the multer package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Uncontrolled Recursion Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow. How to fix Uncontrolled Recursion? Upgrade `multer` to version 2.1.1 or higher.	<2.1.1
H Incomplete Cleanup Affected versions of this package are vulnerable to Incomplete Cleanup in the `makeMiddleware()` function in `make-middleware.js`. An attacker can cause resource exhaustion by sending malformed requests. How to fix Incomplete Cleanup? Upgrade `multer` to version 2.1.0 or higher.	<2.1.0
H Missing Release of Resource after Effective Lifetime Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the `makeMiddleware()` function, when dropping a connection during file upload. An attacker can cause resource exhaustion. How to fix Missing Release of Resource after Effective Lifetime? Upgrade `multer` to version 2.1.0 or higher.	<2.1.0
C Uncaught Exception Affected versions of this package are vulnerable to Uncaught Exception in `makeMiddleware`, when processing a file upload request. An attacker can cause the application to crash by sending a request with a field name containing an empty string. How to fix Uncaught Exception? Upgrade `multer` to version 2.0.1 or higher.	<2.0.1
H Uncaught Exception Affected versions of this package are vulnerable to Uncaught Exception due to an `error` event thrown by `busboy`. An attacker can cause a full nodejs application to crash by sending a specially crafted multi-part upload request. How to fix Uncaught Exception? Upgrade `multer` to version 2.0.0 or higher.	<2.0.0
H Missing Release of Memory after Effective Lifetime Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper handling of error events in HTTP request streams, which fails to close the internal `busboy` stream. An attacker can cause a denial of service by repeatedly triggering errors in file upload streams, leading to resource exhaustion and memory leaks. Note: This is only exploitable if the server is handling file uploads. How to fix Missing Release of Memory after Effective Lifetime? Upgrade `multer` to version 2.0.0 or higher.	<2.0.0

Vulnerability

Vulnerable Version

Uncontrolled Recursion

Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow.

How to fix Uncontrolled Recursion?

Upgrade multer to version 2.1.1 or higher.

<2.1.1

Incomplete Cleanup

Affected versions of this package are vulnerable to Incomplete Cleanup in the makeMiddleware() function in make-middleware.js. An attacker can cause resource exhaustion by sending malformed requests.

How to fix Incomplete Cleanup?

Upgrade multer to version 2.1.0 or higher.

<2.1.0

Missing Release of Resource after Effective Lifetime

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the makeMiddleware() function, when dropping a connection during file upload. An attacker can cause resource exhaustion.

How to fix Missing Release of Resource after Effective Lifetime?

Upgrade multer to version 2.1.0 or higher.

<2.1.0

Uncaught Exception

Affected versions of this package are vulnerable to Uncaught Exception in makeMiddleware, when processing a file upload request. An attacker can cause the application to crash by sending a request with a field name containing an empty string.

How to fix Uncaught Exception?

Upgrade multer to version 2.0.1 or higher.

<2.0.1

Uncaught Exception

Affected versions of this package are vulnerable to Uncaught Exception due to an error event thrown by busboy. An attacker can cause a full nodejs application to crash by sending a specially crafted multi-part upload request.

How to fix Uncaught Exception?

Upgrade multer to version 2.0.0 or higher.

<2.0.0

Missing Release of Memory after Effective Lifetime

Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper handling of error events in HTTP request streams, which fails to close the internal busboy stream. An attacker can cause a denial of service by repeatedly triggering errors in file upload streams, leading to resource exhaustion and memory leaks.

Note:

This is only exploitable if the server is handling file uploads.

How to fix Missing Release of Memory after Effective Lifetime?

Upgrade multer to version 2.0.0 or higher.

<2.0.0

multer@1.2.0

Middleware for handling `multipart/form-data`.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically