46 matches found
DEBIAN-CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
UBUNTU-CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
EUVD-2025-32851
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771
CVE-2025-61771 affects Rack, a Ruby web server interface. The issue: Rack::Multipart::Parser buffers non-file form fields (parts without a filename) entirely in memory, allowing a single large text field in multipart/form-data to exhaust memory and cause DoS. Vulnerable versions are prior to 2.2....
CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
EUVD-2007-4784
Malware in sbrugna...
EUVD-2012-3981
Malware in sbrugna...
The vulnerability of the “Allow All File Extensions” module in Drupal CMS systems stems from insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the “Allow All File Extensions” module for file fields in Drupal CMS systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Allow All File Extensions for file fields, which stems from the presence of an issue...
php: Erroneous parsing of multipart form data
A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...
PT-2024-10095 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The issue is related to the Allow All File Extensions for file fields feature in Drupal, which affects the handling of file uploads. This vulnerability is associated with insufficient input...
Drupal Allow All File Extensions for file fields module * - Authenticated Other Vulnerability Type vulnerability
Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Allow All File Extensions for file fields versions...
Fedora 40 : python-quart (2024-51bff89a25)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-51bff89a25 advisory. Security fix for GHSA-q34m-jh98-gwm2. 0.19.8 2024-10-25 - Bugfix: Fix missing check that caused the previous fix to raise an error. 0.19.7 2024-10-25 -...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser. An attacker can cause the parser to consume more memory than the upload size, in excess of maxformmemorysize, by sending malicious data in a non-file...
GHSA-8F6X-V685-G2XC Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory OOM owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a...
Apache Struts 安全漏洞
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts denial of service...