Headline

GHSA-fjgf-rc76-4x9p: Multer vulnerable to Denial of Service via unhandled exception from malformed request

Impact

A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.

Patches

Users should upgrade to 2.0.2

Workarounds

None

5 hours ago

ghsa

Open in Source

#vulnerability #dos #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-9rcw-c2f9-2j55: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

4 hours ago

ghsa

GHSA-76c9-3jph-rj3q: on-headers is vulnerable to http response header manipulation

4 hours ago

ghsa

GHSA-fjgf-rc76-4x9p: Multer vulnerable to Denial of Service via unhandled exception from malformed request

5 hours ago

ghsa

GHSA-29cq-5w36-x7w3: Livewire is vulnerable to remote command execution during component property update hydration

5 hours ago

ghsa

GHSA-hfj7-542q-8fvv: DiracX-Web is vulnerable to attack through an Open Redirect on its login page

6 hours ago

ghsa