Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files

GHSA-3qj8-93xh-pwh2

Published Apr 21, 2023 · Modified Nov 28, 2024

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references.

Original Description

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

References

WEB https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-30798
WEB https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
PACKAGE https://github.com/encode/starlette
WEB https://vulncheck.com/advisories/starlette-multipartparser-dos

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes