7.5

CVE-2023-30798

MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EncodeStarlette SwPlatformpython Version < 0.25.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.29% 0.664
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
disclosure@vulncheck.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
Patch
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
Vendor Advisory
Mitigation
https://vulncheck.com/advisories/starlette-multipartparser-dos
Patch
Third Party Advisory