1494 matches found
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...
multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...
Uncaught Exception
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...
Uncaught Exception
Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. An attacker can...
GHSA-QXCH-WHHJ-8956 multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...
NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names
NPM: parse-nested-form-data has Prototype Pollution via proto in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...
Prototype Pollution
Overview parse-nested-form-data is an A tiny node module for parsing FormData by name into objects and arrays Affected versions of this package are vulnerable to Prototype Pollution via the parseFormData process. An attacker can modify the prototype of all plain objects in the running process by...
parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names
Summary parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with proto, or contains .proto. mid-path, causes the parser to traverse onto Object.prototype and assign properties...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Analysis Report Sections require...
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...
GHSA-M2HG-WJQ3-28WQ form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
Summary form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate Object.prototype, which is a prototype pollution primitive of th...
form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
Summary form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate Object.prototype, which is a prototype pollution primitive of th...
PT-2026-41696
Name of the Vulnerable Software and Affected Versions form-data-objectizer versions prior to 1.0.1 Description The software fails to filter proto , constructor, or prototype when converting FormData to objects using bracket-notation form keys. An attacker can submit a single HTTP form field with ...
PT-2026-41772
Name of the Vulnerable Software and Affected Versions parse-nested-form-data versions prior to 1.0.1 Description The parseFormData function processes bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. An attacker can use a FormData field na...