CVE-2025-47944 - High Severity Vulnerability
Vulnerable Library - multer-1.4.5-lts.2.tgz
Middleware for handling `multipart/form-data`.
Library home page: https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- gatsby-5.14.3.tgz (Root Library)
- ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)
Found in HEAD commit: 50f91e8f19edfee259e1f0672ab3b00104b33d47
Found in base branch: master
Vulnerability Details
Multer is a node.js middleware for handling "multipart/form-data". A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.
Publish Date: 2025-05-19
URL: CVE-2025-47944
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-4pg4-qvpc-4q3h
Release Date: 2025-05-19
Fix Resolution: https://github.com/expressjs/multer.git - v2.0.0
Step up your Open Source Security Game with Mend here
CVE-2025-47944 - High Severity Vulnerability
Middleware for handling `multipart/form-data`.
Library home page: https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 50f91e8f19edfee259e1f0672ab3b00104b33d47
Found in base branch: master
Multer is a node.js middleware for handling "multipart/form-data". A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.
Publish Date: 2025-05-19
URL: CVE-2025-47944
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-4pg4-qvpc-4q3h
Release Date: 2025-05-19
Fix Resolution: https://github.com/expressjs/multer.git - v2.0.0
Step up your Open Source Security Game with Mend here