CNNVD-202507-2315 Information

CNNVD ID

CNNVD-202507-2315

Related CVE

CVE-2025-7338

• CNNVD Published: 2025-07-17

Description (Chinese)

Multer是expressjs开源的一个用于Node.js中间件。 Multer 1.4.4-lts.1至2.0.2之前版本存在安全漏洞，该漏洞源于处理畸形多部分上传请求时存在未处理异常，可能导致拒绝服务。

Description (English)

Multer is an offpressjs open source for the Node.js intermediate. There was a security loophole in the previous version of Multer 1.4.4-lts.1 to 2.0.2, which stemmed from unprocessed anomalies in the processing of multiple parts of an abnormal upload request, which could lead to the denial of services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

expressjs

Published

2025-07-17

Last Modified

2026-02-24

References

https://cna.openjsf.org/security-advisories.html https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p

Patch

https://www.npmjs.com/package/multer