{"id":"CVE-2020-36661","details":"A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.","modified":"2026-04-10T04:26:01.088781Z","published":"2023-02-12T21:15:10.650Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.220642"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.220642"},{"type":"FIX","url":"https://github.com/Kong/lua-multipart/pull/34"},{"type":"FIX","url":"https://github.com/Kong/lua-multipart/releases/tag/0.5.9-1"},{"type":"FIX","url":"https://github.com/Kong/lua-multipart/commit/d632e5df43a2928fd537784a99a79dec288bf01b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kong/lua-multipart","events":[{"introduced":"0"},{"last_affected":"ce365f63cf9a9f31e8e12bacc75f4e3b6e91f756"},{"fixed":"d632e5df43a2928fd537784a99a79dec288bf01b"},{"fixed":"46d7804efa69146abc39415254687b5a7b507fe1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.8-1"}]}}],"versions":["0.1-2","0.1-3","0.2-1","0.3-2","0.4-1","0.5-1","0.5.2-1","0.5.2-2","0.5.3-1","0.5.4-1","0.5.5-1","0.5.6-1","0.5.7-1","0.5.8-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36661.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}