98 matches found
CVE-2026-8162
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2026-8159
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
CVE-2026-8161
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption...
multiparty vulnerable to ReDoS via filename parsing
Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...
@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +590 more potentially affected by CVE-2026-8159 via multiparty (>=4.0.0 <=4.2.3)
multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =2.101.2 and more Source cves: CVE-2026-8159 Source advisory: SNYK:JS-MULTIPARTY-16790693...
Regular Expression Denial of Service (ReDoS)
Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption and block the...
EUVD-2026-29439
multiparty vulnerable to ReDoS via filename parsing...
NPM: multiparty vulnerable to ReDoS via filename parsing
NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
GHSA-65X3-RW7Q-GX94 multiparty vulnerable to ReDoS via filename parsing
Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...
multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...
EUVD-2026-29441
multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...
NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...
Uncaught Exception
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...
@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +590 more potentially affected by CVE-2026-8161 via multiparty (>=4.0.0 <=4.2.3)
multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =2.101.2 and more Source cves: CVE-2026-8161 Source advisory: SNYK:JS-MULTIPARTY-16790691...
Uncaught Exception
Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. An attacker can...
NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
EUVD-2026-29440
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception...