ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-14 01:50:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix(security): bump multer to 2.1.1 to fix HIGH CVEs

Browse source 
Bumps multer from ^2.0.2 to ^2.1.1 in server/package.json to resolve
three HIGH-severity DoS vulnerabilities:

- GHSA-xf7r-hgr6-v32p (incomplete cleanup)
- GHSA-v52c-386h-88mc (crafted multipart)
- GHSA-2m88-8c7h-36gr (resource exhaustion)

All three are fixed in multer >= 2.1.0.

Fixes #2753
This commit is contained in:
Matt Van Horn 2026-04-04 23:15:04 -07:00
parent 6c8569156c
commit 2082bb61fe
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/package.json
View file

@ -68,7 +68,7 @@
"express": "^5.1.0",
"hermes-paperclip-adapter": "^0.2.0",
"jsdom": "^28.1.0",
"multer": "^2.0.2",
"multer": "^2.1.1",
"open": "^11.0.0",
"pino": "^9.6.0",
"pino-http": "^10.4.0",