1502 matches found
Litestar allows unbounded resource consumption (DoS vulnerability)
Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...
Denial Of Service (DoS)
Werkzeug is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specifically crafted multipart/form-data requests by werkzeug.formparser.MultiPartParser, allowing resource exhaustion and excessive memory allocation...
OESA-2024-2395 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Fedora 41 : python-fastapi / python-openapi-core / python-platformio / etc (2024-05dedb1a53)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-05dedb1a53 advisory. Security fix for CVE-2024-47874. Starlette 0.40.0 (October 15, 2024): This release fixes a Denial of Service (DoS) via multipart/form-data requests. You can view...
USN-7049-2 php7.0, php7.2 vulnerabilities
USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject...
Updated python-werkzeug packages fix security vulnerability
Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests (e.g. all Flask applications) are vulnerable to a relatively simple but effective...
Erroneous parsing of multipart form data
...
CLSA-2024-1730369378 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730369205 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
Security update for python-Werkzeug
This update for python-Werkzeug fixes the following issues: CVE-2024-49767: Fixed possible resource exhaustion when parsing file data in forms (bsc#1232449). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CLSA-2024-1730227099 Fix CVE(s): CVE-2024-8925
SECURITY UPDATE: prevent erroneous parsing - debian/patches/CVE-2024-8925.patch: limit multipart/form-data boundaries size to prevent erroneous parsing - CVE-2024-8925...
CLSA-2024-1730226852 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730141462 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730139582 php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
php: Fix of CVE-2024-8925
CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
CLSA-2024-1730134476 php: Fix of 2 CVEs
CVE-2024-8927: Fix bypass of cgi.force_redirect configuration - CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
Allocation of Resources Without Limits or Throttling
Overview: Quart is a Python ASGI web microframework with the same API as Flask. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser. An attacker can cause the parser to consume more memory than the upload size, in...
GHSA-Q34M-JH98-GWM2 Werkzeug possible resource exhaustion when parsing file data in forms
Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting. The Request.max_content_length setting, as well as resource limits provided by deployment software and platforms,...
CVE-2024-49767 Werkzeug possible resource exhaustion when parsing file data in forms
Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests (e.g. all Flask applications) are vulnerable to a relatively simple but effective...
Werkzeug security vulnerability
Werkzeug is a comprehensive WSGI web application library open-sourced by Pallets. A security vulnerability exists in Werkzeug versions prior to 3.0.6 that stems from vulnerability to denial of service attacks when parsing multipart/form-data requests...