3 matches found
SUSE CVE-2026-34517
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...
CVE-2026-34517
A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending a specially crafted multipart form field. The framework would read the entire field into memory before enforcing size limits, potentially leading to...
security flaw
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...