DEBIAN-CVE-2024-52805

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1...

CVE-2024-52805

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1...

UBUNTU-CVE-2024-52805

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1...

CVE-2024-52805

CVE-2024-52805 affects Synapse before 1.120.1, where multipart/form-data requests can transiently increase memory usage during processing, potentially enabling amplification of denial-of-service attacks. The issue is addressed in Synapse 1.120.1 by denying requests with unsupported multipart/form...

CVE-2024-11461

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2024-11461 Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2024-11461 Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2024-11461

The CVE CVE-2024-11461 affects the WordPress Form Data Collector plugin, up to version 2.2.3. It is a Reflected Cross-Site Scripting vulnerability triggered via the page parameter due to insufficient input sanitization and output escaping. Exploitation requires a user to click a crafted link, ena...

Element Synapse 安全漏洞

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the fact that multi-part/form data requests may, under certain configurations, temporarily increase memory consumption beyond expected...

WordPress plugin Form Data Collector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2024-17013 · WordPress · Form Data Collector

Name of the Vulnerable Software and Affected Versions: Form Data Collector plugin for WordPress versions up to and including 2.2.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages...

WordPress Form Data Collector plugin <= 2.2.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Form Data Collector versions = 2.2.3...

Allocation of Resources Without Limits or Throttling

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the multipart/form-data, when line breaks: CR \r or LF \n in front of the first boundary and any tailing bytes...

Denial of service (DoS) via deformation `multipart/form-data` boundary

Summary When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could...

GHSA-59G5-XGCQ-4QW3 Denial of service (DoS) via deformation `multipart/form-data` boundary

Summary When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could...

CVE-2024-53981

A flaw was found in python-multipart. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for...

CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

CVE-2024-53981

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1. before 8.1.30, and 8.2. before 8.2.24, as well as 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could result in legitimate data not being processed. This could allow malicious attackers to control a portion of the submitted dat...

GHSA-GJCC-JVGW-WVWJ Litestar allows unbounded resource consumption (DoS vulnerability)

Summary Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...