Lucene search
K

7 matches found

OSV
OSV
added 2026/06/17 6:43 a.m.6 views

MGASA-2026-0216 Updated python-tornado packages fix security vulnerabilities

Tornado has a DoS due to too many multipart parts. CVE-2026-31958 In Tornado, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

8.7CVSS5.3AI score0.00375EPSS
Exploits0References3
NVD
NVD
added 2026/04/29 12:16 p.m.7 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/29 10:46 a.m.6 views

EUVD-2026-26205

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.2AI score0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 7:27 p.m.5 views

CVE-2026-31958 Tornado has a DoS due to too many multipart parts

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2024/03/14 12:0 a.m.50 views

amavisd-new -- multipart boundary confusion

The Amavis project reports: Emails which consist of multiple parts Content-Type: multipart/ incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by an Content-Type header's boundary parameter. To our current knowledge, RFC2046 and...

7.4CVSS6.9AI score0.00826EPSS
Exploits0References1
OSV
OSV
added 2023/04/21 11:5 a.m.4 views

OESA-2023-1237 golang security update

The Go Programming Language. Security Fixes: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can...

9.8CVSS7.2AI score0.02281EPSS
Exploits0References5
PyPA
PyPA
added 2023/02/14 8:15 p.m.7 views

PYSEC-2023-58

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...

7.5CVSS7.5AI score0.0142EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder