2 matches found
GHSA-6JV3-5F52-599M python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...
CVE-2025-0182
A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package =0.49 via fastapi, which was patched in fastapi version 0.115.3. The vulnerability can be exploited by sending...