170 matches found
GHSA-5RVQ-CXJ2-64VF python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service
Summary When parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead did it fall back to scanning for ;. For a body that uses ; as the...
python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...
GHSA-6JV3-5F52-599M python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...
[SECURITY] Fedora 43 Update: python-python-multipart-0.0.32-1.fc43
Python-Multipart is a streaming multipart parser for Python...
[SECURITY] Fedora 44 Update: python-python-multipart-0.0.32-1.fc44
Python-Multipart is a streaming multipart parser for Python...
Fedora 44 : python-python-multipart (2026-104e079187)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-104e079187 advisory. 0.0.32 2026-06-04 Speed up partial-boundary scanning for CR/LF-dense part data. ---- 0.0.31 2026-06-04 Speed up multipart header parsing and callback dispatc...
Fedora 43 : python-python-multipart (2026-2cfc16a621)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2cfc16a621 advisory. 0.0.32 2026-06-04 Speed up partial-boundary scanning for CR/LF-dense part data. ---- 0.0.31 2026-06-04 Speed up multipart header parsing and callback dispatc...
📄 Python-Multipart Path Traversal
This code bundle contains two separate components related to the path traversal vulnerability affecting Python-Multipart versions prior to 0.0.22. ================================================================================================================================== | Title :...
📄 Python-Multipart Path Traversal / Arbitrary File Write
Proof of concept that leverages a path traversal vulnerability in Python-Multipart versions prior to 0.0.22 to achieve an arbitrary file write. ================================================================================================================================== | Title :...
CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
ROOT-APP-PYPI-CVE-2024-53981 CVE-2024-53981 in rootio-python-multipart - Patched by Root
Root has patched CVE-2024-53981 in the rootio-python-multipart package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42561 CVE-2026-42561 in rootio-python-multipart - Patched by Root
Root has patched CVE-2026-42561 in the rootio-python-multipart package for Root:PyPI. Multiple fixed versions available...
openSUSE 16 Security Update : python-python-multipart (openSUSE-SU-2026:20846-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20846-1 advisory. This update for python-python-multipart fixes the following issues - CVE-2026-40347: crafted multipart/form-data can cause a denial of service...
Security update for python-python-multipart (important)
openSUSE security update: security update for python-python-multipart ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20846-1 Rating: important References: bsc1262403 bsc1265250 Cross-References: CVE-2026-40347 CVE-2026-42561 CVSS scores:...
OPENSUSE-SU-2026:20846-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues - CVE-2026-40347: crafted multipart/form-data can cause a denial of service bsc1262403. - CVE-2026-42561: denial of service vulnerability in multipart part header parsing bsc1265250...
Security update for python-python-multipart
This update for python-python-multipart fixes the following issue CVE-2026-42561: denial of service vulnerability in multipart part header parsing bsc1265250. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:1961-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issue - CVE-2026-42561: denial of service vulnerability in multipart part header parsing bsc1265250...
OPENSUSE-SU-2026:10797-1 python311-python-multipart-0.0.28-1.1 on GA media
These are all security issues fixed in the python311-python-multipart-0.0.28-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
Linux Distros Unpatched Vulnerability : CVE-2026-42561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header...