Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
FastapiexpertPython-multipart*

3 matches found

CVE
CVEadded 2024/02/05 2:33 p.m.431 views

CVE-2024-24762

CVE-2024-24762 affects python-multipart and describes a ReDoS in parsing the HTTP Content-Type header (options). An attacker can send a crafted Content-Type to exhaust CPU and stall the event loop. The vulnerability is fixed in version 0.0.7 by upstream patching the regex. Remediation is to upgra...

7.5CVSS7.2AI score0.01523EPSS
CVE
CVEadded 2026/04/17 11:56 p.m.76 views

CVE-2026-40347

The CVE-2026-40347 entry concerns Python-Multipart. Versions prior to 0.0.26 are vulnerable to a denial-of-service when parsing crafted multipart/form-data with large preambles/epilogues. The fix (0.0.26+) skips ahead on leading CR/LF data and discards epilogue data after the closing boundary. Af...

5.3CVSS5.8AI score0.00351EPSS
CVE
CVEadded 2026/01/27 12:34 a.m.61 views

CVE-2026-24486

CVE-2026-24486 affects the Python-Multipart project. Prior to 0.0.22, non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True allow path traversal enabling writing uploaded files to arbitrary filesystem locations. Mitigation is upgrading to 0.0.22 or avoiding UPLOAD_KEEP_FILENA...

8.6CVSS6AI score0.01761EPSS
Web