CVE-2026-8162
- EPSS 0.28%
- Veröffentlicht 12.05.2026 09:05:12
- Zuletzt bearbeitet 13.05.2026 14:43:47
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter contains a malformed percent-encoding, the parser inv...
CVE-2026-8161
- EPSS 0.47%
- Veröffentlicht 12.05.2026 08:50:37
- Zuletzt bearbeitet 13.05.2026 14:43:57
multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or to...
CVE-2026-8159
- EPSS 0.34%
- Veröffentlicht 12.05.2026 08:35:39
- Zuletzt bearbeitet 13.05.2026 14:44:31
multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take sec...