5 matches found
OPENSUSE-SU-2026:21066-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...
SUSE-SU-2026:22372-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...
GHSA-VPQ2-C234-7XJ6 @tootallnate/once vulnerable to Incorrect Control Flow Scoping
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability
Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources. This report is an aggregate of these individual reports for the affected code: Advisory | Affected File -- | -- GHSA-jjgh-mc5q-gch7 | pkg/action/scan.go GHSA-mwmf-fxh2-w4x7 |...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of XML catalogs containing repeated elements. An attacker can cause excessive CPU consumption and degrade application availability by supplying specially crafted XM...