CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.003 Low
Percentile: 65.3%
The MultipartParser usage in Encode’s Starlette Python framework before
version 0.25.0 allows an unauthenticated, remote attacker to specify
any number of form fields or files, which can cause excessive memory usage
resulting in denial of service of the HTTP service.
github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa (0.25.0)
github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
launchpad.net/bugs/cve/CVE-2023-30798
nvd.nist.gov/vuln/detail/CVE-2023-30798
security-tracker.debian.org/tracker/CVE-2023-30798
vulncheck.com/advisories/starlette-multipartparser-dos
www.cve.org/CVERecord?id=CVE-2023-30798