Astra Linux – Vulnerability in Ruby-Rack

A denial-of-service vulnerability in the multipart parsing component of Rack was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow attackers to craft input that causes the RFC2183 multipart boundary parsing in Rack to take an unexpectedly long time,...

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line CRLFCRLF. The parser continuously stored incoming bytes in memory...

HTTP Request Smuggling

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to HTTP Request Smuggling via multipart reque...

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1778)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1778 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

Astra Linux - уязвимость в ruby-rack

There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...

Astra Linux – Vulnerability in Ruby-Rack

There is a denial-of-service vulnerability in the Content-Disposition parsing component of Rack, which was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow an attacker to create an input that causes the Content-Disposition header parsing in Rack to take an...

Security update for rmt-server

This update for rmt-server fixes the following issues CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471...

SUSE-SU-2026:1964-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

EUVD-2026-30133

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

UBUNTU-CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

PT-2026-40763

Name of the Vulnerable Software and Affected Versions cowboy versions 2.0.0 through 2.14.x Description An issue in multipart header parsing allows an unauthenticated attacker to cause a denial of service via unbounded buffer accumulation. The function read part in src/cowboy req.erl accumulates...

Cowboy 安全漏洞

Cowboy is a lightweight and high-performance HTTP server based on Erlang/OTP, developed by Nine Nines. Versions of Cowboy from 2.0.0 to 2.15.0 contained security vulnerabilities. These vulnerabilities stemmed from unlimited buffer accumulation during multipart header parsing. This could allow...

CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

OESA-2026-2220 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

Unity Linux 20.1070e Security Update: rubygem-rack (UTSA-2026-017388)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017388 advisory. A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack. Tenable has extracted the precedin...

USN-8198-2 python-tornado vulnerabilities

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...