VYPR
Vendor

Pillarjs

Products
3
CVEs
8
Across products
8
Status
Private

Products

3

Recent CVEs

8
  • CVE-2026-8162HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value…

  • CVE-2026-4867HigMar 26, 2026
    risk 0.49cvss 7.5epss 0.01

    Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents…

  • CVE-2024-52798HigDec 5, 2024
    risk 0.43cvss epss 0.01

    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of…

  • CVE-2026-8161HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or toString, the parser invokes…

  • CVE-2026-8159HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event…

  • CVE-2026-4926HigMar 26, 2026
    risk 0.42cvss 7.5epss 0.00

    Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. …

  • CVE-2024-45296HigSep 9, 2024
    risk 0.42cvss 7.5epss 0.01

    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance…

  • CVE-2026-4923MedMar 26, 2026
    risk 0.31cvss 5.9epss 0.00

    Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: …