8 matches found
CVE-2026-40347
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...
CVE-2026-40347
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...
CVE-2026-40347 Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...
python-multipart affected by Denial of Service via large multipart preamble or epilogue data
Summary A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...
PT-2026-33212
Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.26 Description An issue exists when parsing crafted multipart/form-data requests containing large preamble or epilogue sections. Two inefficient parsing paths can be abused: the parser handles leading CR...
PYSEC-2024-278
A vulnerability was found in LangChain langchaincommunity 0.0.26. It has been classified as critical. Affected is the function loadlocal in the library libs/community/langchaincommunity/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It ...
Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-XWG3-GJXH-C8PM Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...