4 matches found

RubySec
added 2026/04/02 12:0 a.m. | 32 views

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary: Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/04/22 5:32 p.m. | 18 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVSS: 6.5 | EPSS: 0.00563
Exploits: 0 | References: 9
CNNVD
added 2022/09/14 12:0 a.m. | 5 views

axum security vulnerability

axum is a Tokio open source web application framework focused on ergonomics and modularity. A security vulnerability exists in axum that stems from the fact that it does not limit the size of files, causing it to run out of memory and crash...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0082
Exploits: 1 | References: 3
OSV
added 2021/09/05 7:15 p.m. | 15 views

CVE-2021-40524

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 4