Vulnerability Description
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Encode | Starlette | < 0.25.0 |
Related Weaknesses (CWE)
References
- https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea193Patch
- https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3xMitigationVendor Advisory
- https://vulncheck.com/advisories/starlette-multipartparser-dosPatchThird Party Advisory
- https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea193Patch
- https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3xMitigationVendor Advisory
- https://vulncheck.com/advisories/starlette-multipartparser-dosPatchThird Party Advisory
FAQ
What is CVE-2023-30798?
CVE-2023-30798 is a vulnerability with a CVSS score of 7.5 (HIGH). There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause ex...
How severe is CVE-2023-30798?
CVE-2023-30798 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-30798?
Check the references section above for vendor advisories and patch information. Affected products include: Encode Starlette.