CVE-2023-30798

Опубликовано: 21 апр. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

Ссылки

https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
Patch
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
Mitigation
Vendor Advisory
https://vulncheck.com/advisories/starlette-multipartparser-dos
Patch
Third Party Advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
Patch
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
Mitigation
Vendor Advisory
https://vulncheck.com/advisories/starlette-multipartparser-dos
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*

Версия до 0.25.0 (исключая)

EPSS

Процентиль: 74%

0.00827

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

Связанные уязвимости

CVE-2023-30798

CVSS3: 7.5

ubuntu

почти 3 года назад

CVE-2023-30798

CVSS3: 7.5

debian

почти 3 года назад

There MultipartParser usage in Encode's Starlette python framework bef ...

GHSA-74m5-2c7w-9w3x

CVSS3: 7.5

github

почти 3 года назад

MultipartParser denial of service with too many fields or files

EPSS

Процентиль: 74%

0.00827

Низкий

7.5 High

CVSS3

Дефекты

CWE-400