CNNVD-202601-4437 Information
CNNVD ID
CNNVD-202601-4437
Related CVE
- CNNVD Published: 2026-01-27
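Description (translated from Chinese)
python-multipart is a streaming multipart parser for Python by individual developer Marcelo Trylesinski. Python-Multipart versions before 0.0.22 contain a path traversal vulnerability. It arises when the non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True are used, and may allow files to be uploaded to arbitrary locations.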
Description (English)
Python-multipart is a streaming multipart parser for Python developed by Marcelo Trylesinski, an individual developer. Versions of Python-Multipart prior to 0.0.22 have a path traversal vulnerability, which results from the use of the non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True and can lead to files being uploaded to arbitrary locations.
Hazard Level
Medium
Vulnerability Type
Path traversal
Affected Vendor
Individual developer
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4
https://github.com/Kludex/python-multipart/releases/tag/0.0.22
https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg
https://access.redhat.com/security/cve/cve-2026-24486
Patch
https://github.com/Kludex/python-multipart/releases