Home > Vulnerability Database > WS-2023-0037

Mend.io Vulnerability Database

WS-2023-0037

Good to know:

Date: February 14, 2023

A Denial of Service (DoS) vulnerability was discovered in starlette prior to 0.25.0. The MultipartParser using the package python-multipart accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an OOM process kill. This can be triggered by sending too many small form fields with no content, or too many empty files.

Language: Python

Severity Score

7.5

Related Resources (2)

Url: https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa

Url: https://www.mend.io/vulnerability-database/WS-2023-0037

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version starlette - 0.25.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2023-0037

Good to know:

Date: February 14, 2023

Language: Python

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?