CVE-2024-3153: Express Multer Unhandled Errors

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2024-3153-express-multer-unhandled-errors --engine opengrep

Description

Using multer middleware (such as `.single()` or `.array()`) directly in Express routes, without a wrapper, can lead to unhandled exceptions or promise rejections when parsing malformed multipart/form-data requests. This crashes the server, resulting in a Denial of Service (DoS). To fix this, wrap the multer middleware in a custom error-handling function that catches `err`
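
One way to write the wrapper described above, as an added example (not code from the rule or from multer). The names `safeUpload` and `simulate`, the 400 status and the `MALFORMED_UPLOAD` label are assumptions, and `simulate` uses constructed stand-ins for `req`/`res` so the block runs without Express installed.

```javascript
// Wraps any multer middleware (e.g. upload.single('file')) so that parse
// errors end in an HTTP response instead of escaping the route.
// `safeUpload` is a hypothetical helper, not part of multer or Express.
function safeUpload(middleware) {
  return function (req, res, next) {
    let settled = false;
    // Single exit point: runs once, whichever failure path fires first.
    const finish = (err) => {
      if (settled) return;
      settled = true;
      if (!err) return next();
      if (res.headersSent) return; // a response is already on the wire
      // multer's own errors have name "MulterError" and a `code`
      // such as LIMIT_FILE_SIZE. Anything else is treated as a malformed
      // body here (assumption: a storage failure may deserve a 500).
      const isMulter = err.name === 'MulterError';
      res.status(400).json({ error: isMulter ? err.code : 'MALFORMED_UPLOAD' });
    };
    try {
      // multer reports parse failures through this callback.
      const ret = middleware(req, res, finish);
      // Covers middleware that returns a promise which later rejects.
      if (ret && typeof ret.then === 'function') ret.then(null, finish);
    } catch (err) {
      finish(err); // synchronous throw
    }
  };
}

// Constructed stand-ins for req/res so the wrapper can be exercised offline.
function simulate(middleware) {
  const out = { status: null, body: null, nextCalled: false };
  const res = {
    headersSent: false,
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; this.headersSent = true; return this; },
  };
  safeUpload(middleware)({}, res, () => { out.nextCalled = true; });
  return out;
}

// In an app (assumes express and multer are installed):
//   const upload = multer({ dest: 'uploads/' });
//   app.post('/upload', safeUpload(upload.single('file')),
//            (req, res) => res.sendStatus(204));
```
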