Multer vulnerable to Denial of Service via unhandled exception from malformed request
Description
Published by the National Vulnerability Database: Jul 17, 2025
Published to the GitHub Advisory Database: Jul 17, 2025
Reviewed: Jul 17, 2025
Last updated: Jul 17, 2025
Impact
A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.
Patches
Users should upgrade to 2.0.2.
Workarounds
None