Lucene search

Veracode Vulnerability DatabaseVERACODE:39286

HistoryFeb 16, 2023 - 3:53 a.m.

Denial Of Service (DoS)

2023-02-1603:53:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

starlette

vulnerability

denial of service

multipartparser

application crash

multipart/form-data

0.003 Low

EPSS

Percentile

65.3%

JSON

starlette is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library does not properly limit the number of fields and files when parsing multipart/form-data in the MultipartParser function, allowing an attacker to cause an application crash by sending too many small form fields with no content or many empty files.

CPENameOperatorVersion
starlettele0.24.0
starlettele0.24.0

CPE	Name	Operator	Version
	starlette	le	0.24.0
	starlette	le	0.24.0

References

github.com/advisories/GHSA-74m5-2c7w-9w3x

github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa

github.com/encode/starlette/pull/2036

github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x

vulncheck.com/advisories/starlette-multipartparser-dos

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for VERACODE:39286