4 matches found
CVE-2026-53538
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing
Summary Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely large payloads, leading to service crashes and...
CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...
Denial of Service (DoS)
Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service DoS via URLEncodedFormDecoder. When using automatic content decoding, an attacker can craft a request body that can make the server crash. Details Denial of...