Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
PillarjsMultiparty

3 matches found

CVE
CVEadded 2026/05/12 8:50 a.m.48 views

CVE-2026-8161

This CVE affects [email protected] and earlier, where the parser stores fields/files on plain objects and can collide with inherited Object.prototype properties (e.g., proto , constructor, toString). The root cause is prototype pollution leading to a TypeError when .push() is invoked on a non-arra...

7.5CVSS5.8AI score0.00473EPSS
Web
CVE
CVEadded 2026/05/12 9:5 a.m.21 views

CVE-2026-8162

The CVE-2026-8162 entry affects multiparty (versions 4.2.3 and earlier) where a multipart/form-data request with a Content-Disposition filename* contains malformed percent-encoding. The parser calls decodeURI without a try/catch, causing a URIError to propagate as an uncaught exception and crash ...

7.5CVSS5.8AI score0.00279EPSS
CVE
CVEadded 2026/05/12 8:35 a.m.16 views

CVE-2026-8159

CVE-2026-8159 affects multiparty versions 4.2.3 and older, where the Content-Disposition filename parameter parser is vulnerable to denial-of-service via regex backtracking. A crafted multipart upload with a long header value can cause the regex engine to backtrack for seconds, blocking the event...

7.5CVSS5.8AI score0.00335EPSS