CVE-2025-47935 and CVE-2025-47944 (multer@1.4.4-lts.1)



  • Hi @admin,

    In our implementation of js-report we have updated all the @jsreport components to their latest version. Here is the data from our audit:

    The components @jsreport/jsreport-express@4.2.0 and @jsreport/jsreport-import-export@4.0.7 have a multer@1.4.4-lts.1 dependency, which has the CVE-2025-47935 and CVE-2025-47944 vulnerabilities.

    Is there a plan to migrate to multer@2.0.0, which is safe? If not, what will be the impact if we override this dependency?

    Thanks in advance.



  • Hi,

    We will update vulnerable dependencies with the next jsreport release as always.
    https://github.com/jsreport/jsreport?tab=readme-ov-file#vulnerabilities

    We are getting close to the release point. Likely next week.

