4 matches found

Cvelist
added 2025/03/19 4:3 p.m., 14 views

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

CVSS 7.5, EPSS 0.001
Exploits: 0, References: 5

OSV
added 2025/03/19 4:3 p.m., 5 views

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...

CVSS 7.5, AI score 5.5, EPSS 0.001
Exploits: 0, References: 7

CVE
added 2025/03/19 4:3 p.m., 200 views

CVE-2025-30153

CVE-2025-30153 affects kin-openapi (Go) prior to 0.131.0. The issue occurs when validating a request with a multipart/form-data schema: if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb) that causes the server to exhaust memory. The root cause is the Zip...

CVSS 7.5, AI score 7.4, EPSS 0.001
Exploits: 0, References: 5

Positive Technologies
added 2025/03/19 12:0 a.m., 2 views

PT-2025-11700

Name of the Vulnerable Software and Affected Versions: kin-openapi versions prior to 0.131.0. Description: The issue arises when validating a request with a multipart/form-data schema. If the OpenAPI schema allows it, an attacker can upload a crafted ZIP file, such as a ZIP bomb, causing the server ...

CVSS 9.8, AI score 6.4, EPSS 0.001
Exploits: 0, References: 100