- What: Python-Multipart contains vulnerabilities including a regular expression denial of service, improper sanitization of line breaks, and path traversal issues.
- Impact: An attacker could cause excessive resource consumption, prevent requests from being processed, or execute remote code.
- Affected: Ubuntu 22.04 LTS (CVE-2024-24762), Ubuntu 24.04 LTS (CVE-2024-53981).
- CVE: CVE-2024-24762, CVE-2024-53981, CVE-2026-24486
It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Python-Multipart to consume excessive resources, leading to a regular expression denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-24762) It was discovered that Python-Multipart did not properly sanitize line breaks during user input. An attacker could use this issue to send arbitrary input, thus preventing other requests from being processed, resulting in a denial of service. This issue was only fixed in Ubuntu 24.04 LTS. (CVE-2024-53981) It was discovered that Python-Multipart was vulnerable to path traversal attacks. An attacker could possibly craft and upload files outside the target directory, resulting in remote code execution. (CVE-2026-24486)