1518 matches found
http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`
Summary fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with handlerFormDataBodyData, which interpolates each req.body key and value directly in...
PT-2026-50735
Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 3.0.4 through 3.0.6 http-proxy-middleware versions prior to 4.1.1 Description An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...
Allocation of Resources Without Limits or Throttling
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...
Inefficient Algorithmic Complexity
Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the QuerystringParser function when parsing application/x-www-form-urlencoded bodies containing semicolon-separated fields. An attacker...
Interpretation Conflict
Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Interpretation Conflict through the parseoptionsheader function. An attacker can bypass field name or filename-based access controls, or manipulate file upload destinations ...
python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...
GHSA-VFFW-93WF-4J4Q python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...
form-data: CRLF injection in form-data via unescaped multipart field names and filenames
Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...
GHSA-HMW2-7CC7-3QXX form-data: CRLF injection in form-data via unescaped multipart field names and filenames
Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...
CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
PT-2026-49233
Name of the Vulnerable Software and Affected Versions multer versions 1.0.0 through 2.1.1 multer version 3.0.0-alpha.1 Description A Denial of Service issue exists due to the way the append-field dependency parses bracket notation in field names within multipart form data. Because there is no lim...
Linux Distros Unpatched Vulnerability : CVE-2026-12143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename optio...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...
DEBIAN-CVE-2026-12143
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...
CVE-2026-12143
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...
UBUNTU-CVE-2026-12143
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...
CVE-2026-12143
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...
CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...
CVE-2026-12143
The CVE-2026-12143 entry concerns the form-data library where, in versions up to 4.0.5, the field argument to FormData#append and the filename option are concatenated into the Content-Disposition header without escaping CR, LF, or "." This enables CRLF injection when attacker-controlled data is u...