exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

CVE-2026-24486

13 дней назад

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.

CVSS3: 8.6

EPSS: Низкий

CVE-2026-24486

13 дней назад

CVSS3: 8.6

EPSS: Низкий

CVE-2026-24486

13 дней назад

Python-Multipart is a streaming multipart parser for Python. Prior to ...

CVSS3: 8.6

EPSS: Низкий

openSUSE-SU-2026:20125-1

11 дней назад

Security update for python-python-multipart

EPSS: Низкий

SUSE-SU-2026:0307-1

12 дней назад

Security update for python-python-multipart

EPSS: Низкий

GHSA-wp53-j4wj-2cfg

13 дней назад

Python-Multipart has Arbitrary File Write via Non-Default Configuration

CVSS3: 8.6

EPSS: Низкий

BDU:2026-01058

15 дней назад

Уязвимость конфигурации UPLOAD_DIR и UPLOAD_KEEP_FILENAME=True потокового многокомпонентного парсера python-multipart, позволяющая нарушителю записывать произвольные файлы

CVSS3: 8.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-24486 Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.	CVSS3: 8.6	0% Низкий	13 дней назад
CVE-2026-24486 Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.	CVSS3: 8.6	0% Низкий	13 дней назад
CVE-2026-24486 Python-Multipart is a streaming multipart parser for Python. Prior to ...	CVSS3: 8.6	0% Низкий	13 дней назад
openSUSE-SU-2026:20125-1 Security update for python-python-multipart		0% Низкий	11 дней назад
SUSE-SU-2026:0307-1 Security update for python-python-multipart		0% Низкий	12 дней назад
GHSA-wp53-j4wj-2cfg Python-Multipart has Arbitrary File Write via Non-Default Configuration	CVSS3: 8.6	0% Низкий	13 дней назад
BDU:2026-01058 Уязвимость конфигурации UPLOAD_DIR и UPLOAD_KEEP_FILENAME=True потокового многокомпонентного парсера python-multipart, позволяющая нарушителю записывать произвольные файлы	CVSS3: 8.6	0% Низкий	15 дней назад

Уязвимостей на страницу