diff options
| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-03-24 15:53:27 -0400 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2026-05-05 14:33:27 +0200 |
| commit | 5a89e341bfc77dd67b7fd57b7091b6430558e1f4 (patch) | |
| tree | eda11f2a0d23e74eb8ff6111a44ee2c0d19990fa /scripts | |
| parent | d75d57c2c06934a65feabd206129b9d1a230a1da (diff) | |
Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in MemoryFileUploadHandler on ASGI.
In ASGI deployments, Content-Length is not guaranteed to reflect the
actual request body size, so relying on it to gate memory allocation
allowed the limit to be bypassed. The handler now enforces
DATA_UPLOAD_MAX_MEMORY_SIZE regardless of the declared header value.
Thanks to Kyle Agronick for the report. Refs #35289.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
