Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-30798
HistoryApr 21, 2023 - 4:15 p.m.

CVE-2023-30798

2023-04-2116:15:07
CWE-400
[email protected]
web.nvd.nist.gov
27
cve-2023-30798
multipartparser
encode
starlette
python
framework
denial of service
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON

There MultipartParser usage in Encode’s Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

Affected configurations

NVD
Node
encodestarletteRange<0.25.0python

CNA Affected

[
  {
    "collectionURL": "https://pypi.org/project/starlette/",
    "defaultStatus": "unaffected",
    "packageName": "starlette",
    "platforms": [
      "all"
    ],
    "product": "Starlette",
    "repo": "https://github.com/encode/starlette",
    "vendor": "Encode",
    "versions": [
      {
        "lessThan": "0.25.0",
        "status": "affected",
        "version": "0",
        "versionType": "python"
      }
    ]
  }
]

Related

osv 4
github 1
veracode 1
cvelist 1
nvd 1
debiancve 1
ubuntucve 1
prion 1
ibm 2
osv
osv
CVE-2023-30798
2023-04-21 16:15:07
MultipartParser denial of service with too many fields or files
2023-02-14 21:31:28
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
2023-04-21 18:30:24
github
github
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
2023-04-21 18:30:24
veracode
veracode
Denial Of Service (DoS)
2023-02-16 03:53:14
cvelist
cvelist
CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework
2023-04-21 15:27:47
nvd
nvd
CVE-2023-30798
2023-04-21 16:15:07
debiancve
debiancve
CVE-2023-30798
2023-04-21 16:15:07
ubuntucve
ubuntucve
CVE-2023-30798
2023-04-21 00:00:00
prion
prion
Design/Logic Flaw
2023-04-21 16:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [CVE-2023-30798]
2023-04-28 11:41:15
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023
2023-06-26 16:40:31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON
Related for CVE-2023-30798
osv4github1veracode1cvelist1nvd1debiancve1ubuntucve1prion1ibm2