CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line CRLFCRLF. The parser continuously stored incoming bytes in memory...

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

CRLF Injection

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to CRLF Injection through the FormDataPart multipart header construction in the form-data streaming helper. An attacker can inject arbitrary multipart header...

MGASA-2025-0296 Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

CVE-2025-61772 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

CVE-2025-61772 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

CVE-2025-61772

Rack’s CVE-2025-61772 affects Rack::Multipart::Parser, which can accumulate unbounded per-part headers if a multipart part header never ends with a blank line. This leads to memory exhaustion and DoS on affected versions prior to 2.2.19, 3.1.17, and 3.2.2. The fix caps per-part header size (e.g.,...

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of...

CVE-2025-48976

CVE-2025-48976 is a DoS in Apache Commons FileUpload caused by allocation of resources for multipart headers with insufficient limits. Affected: 1.0 before 1.6 and 2.0.0-M1 before 2.0.0-M4. Impact: potential high-availability disruption. Remediation: upgrade to 1.6 or 2.0.0-M4 (as stated in multi...

Metamail Format String And Buffer Overflow (CVE-2004-0104)

Metamail is a system for handling multimedia mail, using the mailcapfile. Metamail reads the mailcap file, which tells Metamail what helper program to call in order to handle a particular type of non-text mail. There exist multiple vulnerabilities in MetaMail that may provide for arbitrary code...