Lucene search
K

28 matches found

CVE
CVE
added 2024/10/15 3:45 p.m.359 views

CVE-2024-47874

CVE-2024-47874 (Starlette / FastAPI) : Prior to v0.40.0, Starlette buffers multipart/form-data parts without a filename as text with no size limit, enabling requests that create very large form fields. This can cause excessive memory allocations, high memory usage, and potential OOM conditions, p...

8.7CVSS7AI score0.00658EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.4 views

Starlette 安全漏洞

Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is ideal for building asynchronous web services in Python. Starlette 0.40.0 version of the previous security vulnerability , the vulnerability stems from not targeting users...

8.7CVSS8AI score0.00658EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/06/06 2:15 a.m.6 views

SUSE CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7AI score0.01288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/06/02 2:29 a.m.3 views

SUSE CVE-2023-29159

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...

7.5CVSS7.7AI score0.02032EPSS
Exploits1References3
PyPA
PyPA
added 2023/04/21 4:15 p.m.5 views

PYSEC-2023-48

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7AI score0.01288EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/04/21 4:15 p.m.5 views

UBUNTU-CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7.1AI score0.01288EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/04/21 3:27 p.m.30 views

CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7.7AI score0.01288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/21 3:27 p.m.12 views

CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7.5AI score0.01288EPSS
Exploits0References3
Rows per page
Query Builder