Lucene search
+L

4 matches found

osv
osv
added 2026/03/12 2:19 p.m.4 views

GHSA-QJXF-F2MG-C6MC Tornado is vulnerable to DoS due to too many multipart parts

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References7
github
github
added 2026/03/12 2:19 p.m.27 views

Tornado is vulnerable to DoS due to too many multipart parts

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References7Affected Software1
redhat
redhat
added 2023/08/07 3:18 p.m.7 views

undertow: OutOfMemoryError due to @MultipartConfig handling

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service DoS attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...

7.5CVSS7.1AI score0.02044EPSS
Exploits0References4
snyk
snyk
added 2023/08/07 12:0 a.m.4 views

Memory Allocation with Excessive Size Value

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value due to improper @MultipartConfig annotation handling for very large multipart content. Note: If the server uses...

7.5CVSS6.9AI score0.02044EPSS
Exploits0References2
Rows per page
Query Builder