CVE-2020-36661: Kong lua-multipart multipart.lua is_header redos

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-36661

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Kong lua-multipart multipart.lua is_header redos

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-1333

Source: NVD (National Vulnerability Database)

Vulnerability Title

lua-multipart 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

lua-multipart是用于解析和编辑multipart/form-data数据的 Lua 库。 Kong lua-multipart 0.5.8-1版本存在安全漏洞。攻击者利用该漏洞降低了正则表达式复杂性。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Kong	lua-multipart	0.5.8-1	-

II. Public POCs for CVE-2020-36661

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-36661

Please Login to view more intelligence information

https://vuldb.com/?ctiid.220642signaturepermissions-required
https://github.com/Kong/lua-multipart/releases/tag/0.5.9-1patch
https://github.com/Kong/lua-multipart/commit/d632e5df43a2928fd537784a99a79dec288bf01bpatch
https://github.com/Kong/lua-multipart/pull/34issue-tracking
https://vuldb.com/?id.220642vdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2020-36661

New Vulnerabilities

Vendor: Kong

CVE-2025-1353
Kong Insomnia profapi.dll untrusted search path

Same weakness: CWE-1333

V. Comments for CVE-2020-36661

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2020-36661

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-36661

III. Intelligence Information for CVE-2020-36661

New Vulnerabilities

V. Comments for CVE-2020-36661

Leave a comment