mmoz

1 exploit Active since Jun 2025
CVE-2025-48997 WRITEUP HIGH WRITEUP
multer >=1.4.4-lts.1 <2.0.1 - Denial of Service via Empty String Field Name
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.