27 matches found
UBUNTU-CVE-2026-53537
Python-Multipart is a streaming multipart parser for Python. Prior to...
UBUNTU-CVE-2026-53539
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...
UBUNTU-CVE-2026-53540
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...
[SECURITY] Fedora 43 Update: python-python-multipart-0.0.32-1.fc43
Python-Multipart is a streaming multipart parser for Python...
[SECURITY] Fedora 44 Update: python-python-multipart-0.0.32-1.fc44
Python-Multipart is a streaming multipart parser for Python...
EUVD-2026-28787
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
CVE-2026-29975
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
CVE-2026-29975
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
PT-2026-39144
Name of the Vulnerable Software and Affected Versions lwjson version 1.8.1 Description Improper input validation in the streaming JSON parser lwjson stream.c occurs because the end-of-string detection logic incorrectly identifies escaped quote characters. The system only checks the immediately...
CVE-2026-29975
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
CVE-2026-29062
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...
[SECURITY] Fedora 43 Update: python-python-multipart-0.0.22-1.fc43
Python-Multipart is a streaming multipart parser for Python...
[SECURITY] Fedora 42 Update: python-python-multipart-0.0.22-1.fc42
Python-Multipart is a streaming multipart parser for Python...
CVE-2025-52999
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
The vulnerability of the python-multipart streaming multi-component parser, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the python-multipart streaming multi-component parser is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the python-multipart streaming multi-component parser lies in the inefficient complexity of regular expressions, allowing attackers to trigger a service failure.
The vulnerability of the python-multipart streaming multi-component parser is related to insufficient input validation when processing the HTTP header “Content-Type” value using regular expressions. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
[SECURITY] Fedora 41 Update: python-python-multipart-0.0.19-1.fc41
Python-Multipart is a streaming multipart parser for Python...
[SECURITY] Fedora 40 Update: python-multipart-0.0.19-1.fc40
Python-Multipart is a streaming multipart parser for Python...
CVE-2024-53981
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
Litestar allows unbounded resource consumption (DoS vulnerability)
Summary Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...