diff options
| author | Natalia <124304+nessita@users.noreply.github.com> | 2026-03-11 10:26:18 -0300 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-04-07 07:12:27 -0400 |
| commit | 953c238058c0ce387a1a41cb491bfc1875d73ad0 (patch) | |
| tree | e340c882d507601c37f8696df3076aba53fe35a6 /scripts | |
| parent | 7e9885f99cee771b51692fadc5592bdbf19641aa (diff) | |
Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body size in ASGI requests.
The `body` property in `HttpRequest` checks DATA_UPLOAD_MAX_MEMORY_SIZE
against the declared `Content-Length` header before reading. On the ASGI
path, chunked requests carry no `Content-Length`, so the check evaluated
to 0 and always passed regardless of the actual body size.
This work adds a new check on the actual number of bytes consumed.
Thanks to Superior for the report, and to Jake Howard and Jacob Walls
for reviews.
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
