Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVulnCheckCVELIST:CVE-2023-30798
HistoryApr 21, 2023 - 3:27 p.m.

CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework

2023-04-2115:27:47
CWE-400
VulnCheck
www.cve.org
cve-2023-30798
multipartparser
dos
starlette framework
http service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON

There MultipartParser usage in Encode’s Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

CNA Affected

[
  {
    "collectionURL": "https://pypi.org/project/starlette/",
    "defaultStatus": "unaffected",
    "packageName": "starlette",
    "platforms": [
      "all"
    ],
    "product": "Starlette",
    "repo": "https://github.com/encode/starlette",
    "vendor": "Encode",
    "versions": [
      {
        "lessThan": "0.25.0",
        "status": "affected",
        "version": "0",
        "versionType": "python"
      }
    ]
  }
]

Related

osv 4
cve 1
github 1
veracode 1
nvd 1
ibm 2
prion 1
debiancve 1
ubuntucve 1
osv
osv
CVE-2023-30798
2023-04-21 16:15:07
MultipartParser denial of service with too many fields or files
2023-02-14 21:31:28
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
2023-04-21 18:30:24
cve
cve
CVE-2023-30798
2023-04-21 16:15:07
github
github
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
2023-04-21 18:30:24
veracode
veracode
Denial Of Service (DoS)
2023-02-16 03:53:14
nvd
nvd
CVE-2023-30798
2023-04-21 16:15:07
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [CVE-2023-30798]
2023-04-28 11:41:15
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023
2023-06-26 16:40:31
prion
prion
Design/Logic Flaw
2023-04-21 16:15:00
debiancve
debiancve
CVE-2023-30798
2023-04-21 16:15:07
ubuntucve
ubuntucve
CVE-2023-30798
2023-04-21 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON
Related for CVELIST:CVE-2023-30798
osv4cve1github1veracode1nvd1ibm2prion1debiancve1ubuntucve1