Impact
A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process.
Patches
Users should upgrade to 2.0.1
Workarounds
None
References
35a3272
#1233
#1256
bjohansebas Analyst
ctcpip Coordinator
Markiz9999 Remediation developer
UlisesGascon Remediation reviewer
wesleytodd Remediation reviewer
LinusU Remediation reviewer
Impact
A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process.
Patches
Users should upgrade to
2.0.1Workarounds
None
References
35a3272
#1233
#1256