VYPR

Multiparty

by Pillarjs

Source repositories

CVEs (3)

  • CVE-2026-8162HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value…

  • CVE-2026-8161HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or toString, the parser invokes…

  • CVE-2026-8159HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event…