7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.6%
python-multipart
is a streaming multipart parser for Python. When using form data, python-multipart
uses a Regular Expression to parse the HTTP Content-Type
header, including options. An attacker could send a custom-made Content-Type
option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can’t handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | python-multipart | <= 0.0.5-3 | python-multipart_0.0.5-3_all.deb |
Debian | 11 | all | python-multipart | <= 0.0.5-2 | python-multipart_0.0.5-2_all.deb |
Debian | 999 | all | python-multipart | < 0.0.9-1 | python-multipart_0.0.9-1_all.deb |
Debian | 13 | all | python-multipart | < 0.0.9-1 | python-multipart_0.0.9-1_all.deb |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.6%