Multer vulnerable to Denial of Service via unhandled exception from malformed request

链接： https://github.com/advisories/GHSA-fjgf-rc76-4x9p

仓库 Star： 11855

CVSS 评分： 7.5

参考链接：

https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p
https://nvd.nist.gov/vuln/detail/CVE-2025-7338
https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
https://cna.openjsf.org/security-advisories.html
https://github.com/advisories/GHSA-fjgf-rc76-4x9p

描述：

Impact

A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.

Patches

Users should upgrade to 2.0.2

Workarounds

None

安全公告

#Github Advisory

Multer vulnerable to Denial of Service via unhandled exception from malformed request

http://example.com/2025/07/17/github_3516223492/

作者

lianccc

发布于

2025年7月17日

许可协议

GoldenDict 150 and 151 has an exposed dangerous method that allows reading and modifying 上一篇

OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers 下一篇