Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-3QJ8-93XH-PWH2
HistoryApr 21, 2023 - 6:30 p.m.

Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files

2023-04-2118:30:24
CWE-400
GitHub Advisory Database
github.com
43
starlette
vulnerability
multipartparser
python
framework
denial of service
http

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON

There MultipartParser usage in Encode’s Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

Affected configurations

Vulners
Node
encodestarletteRange<0.25.0
CPENameOperatorVersion
starlettelt0.25.0

Related

osv 4
cve 1
veracode 1
cvelist 1
nvd 1
debiancve 1
ubuntucve 1
prion 1
ibm 2
osv
osv
CVE-2023-30798
2023-04-21 16:15:07
MultipartParser denial of service with too many fields or files
2023-02-14 21:31:28
Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
2023-04-21 18:30:24
cve
cve
CVE-2023-30798
2023-04-21 16:15:07
veracode
veracode
Denial Of Service (DoS)
2023-02-16 03:53:14
cvelist
cvelist
CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework
2023-04-21 15:27:47
nvd
nvd
CVE-2023-30798
2023-04-21 16:15:07
debiancve
debiancve
CVE-2023-30798
2023-04-21 16:15:07
ubuntucve
ubuntucve
CVE-2023-30798
2023-04-21 00:00:00
prion
prion
Design/Logic Flaw
2023-04-21 16:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [CVE-2023-30798]
2023-04-28 11:41:15
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023
2023-06-26 16:40:31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON
Related for GHSA-3QJ8-93XH-PWH2
osv4cve1veracode1cvelist1nvd1debiancve1ubuntucve1prion1ibm2