CVE-2025-47935 and CVE-2025-47944: About Multer design weakness (19-05-2025)

Preface: A typical web application has three layers of middleware: web server middleware, application server middleware and database middleware. File upload is a common requirement for such applications.

For example: uploading user avatars, attaching documents or handling multimedia content.

Multer is a node.js middleware for handling multipart/form-data, which is primarily used for uploading files.

Background: Express is the most popular Node.js web framework, and is the underlying library for a number of other popular Node.js frameworks.

Multer is a popular middleware for handling file uploads in Node.js applications, especially those built with Express. It makes receiving, validating, and storing files from HTTP requests simple and straightforward.

Vulnerability details: Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.

Official announcement: For details, please refer to the links –

https://nvd.nist.gov/vuln/detail/CVE-2025-47935

https://nvd.nist.gov/vuln/detail/CVE-2025-47944
