Inefficient Algorithmic Complexity

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the QuerystringParser function when parsing application/x-www-form-urlencoded bodies containing semicolon-separated fields. An attacker...

GHSA-6JV3-5F52-599M python-multipart: Semicolon treated as querystring field separator enables parameter smuggling

Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...

python-multipart: Semicolon treated as querystring field separator enables parameter smuggling

Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...

Moderate: Red Hat Security Advisory: rh-nodejs6-nodejs-qs security update

An update for rh-nodejs6-nodejs-qs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...