fix(security): bump multer to 2.1.1 to fix HIGH CVEs

Bumps multer from ^2.0.2 to ^2.1.1 in server/package.json to resolve
three HIGH-severity DoS vulnerabilities:

- GHSA-xf7r-hgr6-v32p (incomplete cleanup)
- GHSA-v52c-386h-88mc (crafted multipart)
- GHSA-2m88-8c7h-36gr (resource exhaustion)

All three are fixed in multer >= 2.1.0.

Fixes #2753
Matt Van Horn
2026-04-04 23:15:04 -07:00
parent 6c8569156c
commit 2082bb61fe
+1 -1
@@ -68,7 +68,7 @@
"express": "^5.1.0",
"hermes-paperclip-adapter": "^0.2.0",
"jsdom": "^28.1.0",
"multer": "^2.0.2",
"multer": "^2.1.1",
"open": "^11.0.0",
"pino": "^9.6.0",
"pino-http": "^10.4.0",