AikidoSec · sampion88 · Jul 7, 2025 · Jul 4, 2025 · Jul 7, 2025
diff --git a/vulnerabilities/AIKIDO-2025-10436.json b/vulnerabilities/AIKIDO-2025-10436.json
@@ -0,0 +1,26 @@
+{
+  "package_name": "Multer",
+  "patch_versions": [
+    "2.0.1"
+  ],
+  "vulnerable_ranges": [
+    [
+      "1.4.4-lts.1",
+      "2.0.0"
+    ]
+  ],
+  "cwe": [
+    "CWE-248"
+  ],
+  "tldr": "Multer, a Node.js middleware for handling `multipart/form-data`, contains a vulnerability in versions `1.4.4-lts.1` up to `2.0.0`. An attacker can exploit this flaw to trigger a Denial of Service (DoS) by submitting a file upload request with an empty string as a field name. This results in an unhandled exception, causing the process to crash.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `Multer` library to the patch version.",
+  "vulnerable_to": "Uncaught Exception",
+  "related_cve_id": "CVE-2025-48997",
+  "language": "JS",
+  "severity_class": "HIGH",
+  "aikido_score": 87,
+  "changelog": "https://github.com/expressjs/multer/releases/tag/v2.0.1",
+  "last_modified": "2025-07-07",
+  "published": "2025-07-07"
+}