rpm package
suse/python-python-multipart&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/python-python-multipart&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42561 | Hig | 7.5 | < 0.0.20-160000.4.1 | 0.0.20-160000.4.1 | May 13, 2026 | Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the si | |
| CVE-2026-40347 | Med | 5.3 | < 0.0.20-160000.4.1 | 0.0.20-160000.4.1 | Apr 18, 2026 | Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the | |
| CVE-2026-24486 | — | < 0.0.20-160000.3.1 | 0.0.20-160000.3.1 | Jan 27, 2026 | Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on th |
- affected < 0.0.20-160000.4.1fixed 0.0.20-160000.4.1
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the si
- affected < 0.0.20-160000.4.1fixed 0.0.20-160000.4.1
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the
- CVE-2026-24486Jan 27, 2026affected < 0.0.20-160000.3.1fixed 0.0.20-160000.3.1
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on th