19 matches found
Ubuntu 25.10 / 26.04 LTS : multipart vulnerability (USN-8343-1)
The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8343-1 advisory. It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibl...
USN-8343-1: multipart vulnerability
It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...
USN-8343-1 multipart vulnerability
It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...
Astra Linux - vulnerability in jetty9
Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Console
Summary: Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.10. Vulnerability Details: CVEID: CVE-2026-26961. DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from...
Security Bulletin: Cookie Parsing Vulnerability in Werkzeug Allows Subdomain Cookie Injection (≤ v2.2.2), affects watsonx.data
Summary: A vulnerability in Werkzeug prior to v2.2.3 allows malicious subdomains to inject crafted "nameless" cookies that are incorrectly parsed as valid cookies. This can cause applications to accept attacker-controlled values, potentially leading to security issues. This can affect watsonx.data...
Rack security vulnerability
Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Multipart::Parser, which handles multipart requests without a limit on the total size, potentially leading to...
abstra (>=1.8.8 <=2.5.1), clay (>=3.0.0 <=4.0.0) +19 more potentially affected by CVE-2026-28356 via multipart (>=0.2.4 <=1.2.1)
multipart PYPI version =0.2.4, =1.8.8, =3.0.0, =4.5.0b3, =0.3.11, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.6, =0.1.0, =0.1.0, =1.0.0, =0.1.3, =1.1.44 and more Source cves: CVE-2026-28356 Source advisory: OSV:GHSA-P2M9-WCP5-6QW3...
EUVD-2021-1148
Malware in sbrugna...
EUVD-2022-1154
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by...
aeiva (>=0.8.2.4 <=0.8.2.6), aiai-cli (>=0.1.0 <=0.1.13) +61 more potentially affected by CVE-2024-53981 via python-multipart (>=0.0.10 <=0.0.17)
python-multipart PYPI version =0.0.10, =0.8.2.4, =0.1.0, =0.0.1, =0.3.0, =0.8.26, =2.0.0, =0.3.3, =0.1.6, =0.1.23, =0.0.10, =0.11.6, =0.2.0, =2024.10.0, =0.0.0a10, =0.0.0a11 - fastapi-users =14.0.0 and more Source cves: CVE-2024-53981 Source advisory: OSV:GHSA-59G5-XGCQ-4QW3...
Allocation of Resources Without Limits or Throttling
Overview: python-multipart is a streaming multipart parser for Python. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the multipart/form-data, when line breaks: CR \r or LF \n in front of the first boundary and any tailing bytes...
golang: net/http, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...
acari-lib (>=0.1.11 <=0.1.12), acme-rs (>=0.1.0 <=0.2.0) +299 more potentially affected by unknown CVE via multipart (>=0.10.2 <=0.9.1)
multipart CARGO version =0.10.2, =0.1.11, =0.1.0, =0.9.2, =0.2.0, =0.1.0, =0.0.1, =0.1.5, =0.0.1, =0.1.0, =1.0.0, =0.26.1, =0.4.4, =0.26.1 - authenticator =0.3.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0050...
CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts
@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...
@adminjs/fastify (>=1.0.0 <=2.0.0), @autotelic/apollo-server-fastify (>=4.0.0 <=4.1.1) +46 more potentially affected by CVE-2021-23597 via fastify-multipart (>=0.2.0 <=5.3.0)
fastify-multipart NPM version =0.2.0, =1.0.0, =4.0.0, =0.0.1, =1.0.0, =1.0.2, =1.1.7, =1.1.7, =0.0.1, =0.0.1-rc2, =0.0.3, =0.0.5, =0.0.0, =0.0.1, =1.0.0, =1.0.1 and more Source cves: CVE-2021-23597 Source advisory: OSV:GHSA-QH73-QC3P-RJV2...
CVE-2012-6109
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header...
Qualcomm Eudora 5 - MIME MultiPart Boundary Buffer Overflow
Source: https://www.securityfocus.com/bid/5397/info. A buffer overflow vulnerability has been reported in Qualcomm's Eudora mail client for Windows systems. The condition occurs if a MIME multipart boundary is of excessive length. Remote...