Suggestions search

All statuses

Filter by:

With package: python312Packages.python-multipart

Found 3 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-42561

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 1 week, 3 days ago by @LeSuisse Activity log

Created suggestion 1 week, 4 days ago
@LeSuisse accepted 1 week, 3 days ago
@LeSuisse published on GitHub 1 week, 3 days ago

Python-Multipart: Denial of Service via unbounded multipart part headers

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.

References

https://github.com/Kludex/python-multipart/security/advisories/GHSA-pp6c-gr5w-3c5g x_refsource_CONFIRM

Affected products

python-multipart

==< 0.0.27

Matching in nixpkgs

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

nixos-25.11 0.0.20
- nixos-25.11-small 0.0.20
- nixpkgs-25.11-darwin 0.0.20

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

nixos-unstable 0.0.22
- nixpkgs-unstable 0.0.22
- nixos-unstable-small 0.0.22
nixos-25.11 0.0.20
- nixos-25.11-small 0.0.20
- nixpkgs-25.11-darwin 0.0.20

pkgs.python314Packages.python-multipart

Streaming multipart parser for Python

nixos-unstable 0.0.22
- nixpkgs-unstable 0.0.22
- nixos-unstable-small 0.0.22

Package maintainers

@risicle Robert Scott <code@humanleg.org.uk>

Published

Permalink CVE-2026-40347

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.

References

https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj x_refsource_CONFIRM

Ignored references (1)

https://github.com/Kludex/python-multipart/releases/tag/0.0.26 x_refsource_MISC

Affected products

python-multipart

==< 0.0.26

Matching in nixpkgs

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

nixos-25.11 0.0.20
- nixos-25.11-small 0.0.20
- nixpkgs-25.11-darwin 0.0.20

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

nixos-unstable 0.0.21
- nixpkgs-unstable 0.0.21
- nixos-unstable-small 0.0.21
nixos-25.11 0.0.20
- nixos-25.11-small 0.0.20
- nixpkgs-25.11-darwin 0.0.20

pkgs.python314Packages.python-multipart

Streaming multipart parser for Python

nixos-unstable 0.0.21
- nixpkgs-unstable 0.0.21
- nixos-unstable-small 0.0.21

Package maintainers

@risicle Robert Scott <code@humanleg.org.uk>

Untriaged

Permalink CVE-2026-24486

8.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): High (H)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): Low (L)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.

References

https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg x_refsource_CONFIRM
https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4 x_refsource_MISC
https://github.com/Kludex/python-multipart/releases/tag/0.0.22 x_refsource_MISC

Affected products

python-multipart

==< 0.0.22

Matching in nixpkgs

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

nixos-unstable 0.0.20
- nixpkgs-unstable 0.0.20
- nixos-unstable-small 0.0.20

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

nixos-unstable 0.0.20
- nixpkgs-unstable 0.0.20
- nixos-unstable-small 0.0.20

Package maintainers

@risicle Robert Scott <code@humanleg.org.uk>