Astra Linux – Vulnerability in Python-Django

A issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files...

ROS-20260524-73-0050

A vulnerability in the MultiPartParser function of the Django web application software platform is related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Fedora 43 : python-django5 (2026-4d1404fc5d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4d1404fc5d advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

BIT-DJANGO-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

Django has potential DoS via MultiPartParser through crafted multipart uploads

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

DEBIAN-CVE-2026-33033

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

PYSEC-2026-48

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

EUVD-2021-0063

Malware in sbrugna...

EUVD-2021-0064

Malware in sbrugna...

EUVD-2023-0244

Malicious code in bioql PyPI...

EUVD-2022-0090

Malicious code in bioql PyPI...

The vulnerability of the Pallets Werkzeug web application library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the Pallets Werkzeug web application library is related to an uncontrolled resource consumption in the werkzeug.formparser.MultiPartParser component. Exploiting this vulnerability could allow a malicious actor to cause service failures...

Linux Distros Unpatched Vulnerability : CVE-2022-23833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could...

Linux Distros Unpatched Vulnerability : CVE-2023-30798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of...

Fedora 41 : python-python-multipart (2024-92de63698e)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-92de63698e advisory. Security update for CVE-2024-53981. 0.0.19 2024-11-30 Don't warn when CRLF is found after last boundary on MultipartParser. 0.0.18 2024-11-28 Hard break if...

CVE-2024-49767

A flaw was found in the Werkzueg web application library. Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.maxformmemorysize setting and trigger a denial of service. Mitigation The...

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

BIT-DJANGO-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

BIT-DJANGO-2021-31542

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...