Skip to content

Multer vulnerable to Denial of Service via unhandled exception from malformed request

High
ctcpip published GHSA-fjgf-rc76-4x9p Jul 17, 2025

Package

npm multer (npm)

Affected versions

>=1.4.4-lts.1,<2.0.2

Patched versions

2.0.2

Description

Impact

A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.

Patches

Users should upgrade to 2.0.2

Workarounds

None

References

Severity

High

CVE ID

CVE-2025-7338

Weaknesses

Uncaught Exception

An exception is thrown from a function, but it is not caught. Learn more on MITRE.

Credits