From 28511de5c926eb8789d72be075e0a48f32a0169c Mon Sep 17 00:00:00 2001
From: Henrique Cabral <hocabral37@gmail.com>
Date: Fri, 4 Jul 2025 09:23:48 -0300
Subject: [PATCH 1/2] new vuln: CVE-2025-48997 in Multer

---
 input/new.json | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/input/new.json b/input/new.json
index 87646b9a..5a5a3c9f 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,24 @@
 {
-  "package_name": "",
-  "patch_versions": [],
-  "vulnerable_ranges": [],
-  "cwe": [],
-  "tldr": "",
-  "doest_this_affect_me": "",
-  "how_to_fix": "",
-  "vulnerable_to": "",
-  "related_cve_id": "",
-  "language": "",
-  "severity_class": "",
-  "aikido_score": 0,
-  "changelog": ""
+  "package_name": "Multer",
+  "patch_versions": [
+    "2.0.1"
+  ],
+  "vulnerable_ranges": [
+    [
+      "1.4.4-lts.1",
+      "2.0.0"
+    ]
+  ],
+  "cwe": [
+    "CWE-248"
+  ],
+  "tldr": "Multer, a Node.js middleware for handling `multipart/form-data`, contains a vulnerability in versions `1.4.4-lts.1` up to `2.0.0`. An attacker can exploit this flaw to trigger a Denial of Service (DoS) by submitting a file upload request with an empty string as a field name. This results in an unhandled exception, causing the process to crash.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `Multer` library to the patch version.",
+  "vulnerable_to": "Uncaught Exception",
+  "related_cve_id": "CVE-2025-48997",
+  "language": "JS",
+  "severity_class": "HIGH",
+  "aikido_score": 87,
+  "changelog": "https://github.com/expressjs/multer/releases/tag/v2.0.1"
 }

From a67882f20c3909e5e4b73e2e270be8c1729a52c4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Mon, 7 Jul 2025 08:17:19 +0000
Subject: [PATCH 2/2] Move new vulnerability to
 vulnerabilities/AIKIDO-2025-10436.json and reset new.json template

---
 input/new.json                         | 35 ++++++++++----------------
 vulnerabilities/AIKIDO-2025-10436.json | 26 +++++++++++++++++++
 2 files changed, 39 insertions(+), 22 deletions(-)
 create mode 100644 vulnerabilities/AIKIDO-2025-10436.json

diff --git a/input/new.json b/input/new.json
index 5a5a3c9f..87646b9a 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,24 +1,15 @@
 {
-  "package_name": "Multer",
-  "patch_versions": [
-    "2.0.1"
-  ],
-  "vulnerable_ranges": [
-    [
-      "1.4.4-lts.1",
-      "2.0.0"
-    ]
-  ],
-  "cwe": [
-    "CWE-248"
-  ],
-  "tldr": "Multer, a Node.js middleware for handling `multipart/form-data`, contains a vulnerability in versions `1.4.4-lts.1` up to `2.0.0`. An attacker can exploit this flaw to trigger a Denial of Service (DoS) by submitting a file upload request with an empty string as a field name. This results in an unhandled exception, causing the process to crash.",
-  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
-  "how_to_fix": "Upgrade the `Multer` library to the patch version.",
-  "vulnerable_to": "Uncaught Exception",
-  "related_cve_id": "CVE-2025-48997",
-  "language": "JS",
-  "severity_class": "HIGH",
-  "aikido_score": 87,
-  "changelog": "https://github.com/expressjs/multer/releases/tag/v2.0.1"
+  "package_name": "",
+  "patch_versions": [],
+  "vulnerable_ranges": [],
+  "cwe": [],
+  "tldr": "",
+  "doest_this_affect_me": "",
+  "how_to_fix": "",
+  "vulnerable_to": "",
+  "related_cve_id": "",
+  "language": "",
+  "severity_class": "",
+  "aikido_score": 0,
+  "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10436.json b/vulnerabilities/AIKIDO-2025-10436.json
new file mode 100644
index 00000000..b5a798d2
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2025-10436.json
@@ -0,0 +1,26 @@
+{
+  "package_name": "Multer",
+  "patch_versions": [
+    "2.0.1"
+  ],
+  "vulnerable_ranges": [
+    [
+      "1.4.4-lts.1",
+      "2.0.0"
+    ]
+  ],
+  "cwe": [
+    "CWE-248"
+  ],
+  "tldr": "Multer, a Node.js middleware for handling `multipart/form-data`, contains a vulnerability in versions `1.4.4-lts.1` up to `2.0.0`. An attacker can exploit this flaw to trigger a Denial of Service (DoS) by submitting a file upload request with an empty string as a field name. This results in an unhandled exception, causing the process to crash.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `Multer` library to the patch version.",
+  "vulnerable_to": "Uncaught Exception",
+  "related_cve_id": "CVE-2025-48997",
+  "language": "JS",
+  "severity_class": "HIGH",
+  "aikido_score": 87,
+  "changelog": "https://github.com/expressjs/multer/releases/tag/v2.0.1",
+  "last_modified": "2025-07-07",
+  "published": "2025-07-07"
+}