Ctcpip

**Name of the Vulnerable Software and Affected Versions** Multer versions 1.4.4-lts.1 through 2.0.1 **Description** Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. **Recommendations** Upgrade to version 2.0.2.

Name of the Vulnerable Software and Affected Versions: Multer versions prior to 2.0.0 Description: The issue is related to improper stream handling in Multer, a node.js middleware for handling `multipart/form-data`. This leads to a resource exhaustion and memory leak issue when the HTTP request stream emits an error, as the internal `busboy` stream is not closed. As a result, unclosed streams accumulate over time, consuming memory and file descriptors, which can cause denial of service under sustained or repeated failure conditions. All users of Multer handling file uploads are potentially impacted. Recommendations: For versions prior to 2.0.0, upgrade to 2.0.0 to receive a patch. As a temporary workaround, consider restricting the use of Multer for handling file uploads until the issue is resolved.