Home > Vulnerability Database > CVE-2023-30798

Mend.io Vulnerability Database

CVE-2023-30798

Good to know:

Date: April 21, 2023

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

Language: Python

Severity Score

7.5

Related Resources (7)

Url: https://vulncheck.com/advisories/starlette-multipartparser-dos

Url: https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa

Url: https://github.com/encode/starlette

Url: https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x

Url: https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-48.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30798

Url: https://www.mend.io/vulnerability-database/CVE-2023-30798

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version starlette - 0.25.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30798

Good to know:

Date: April 21, 2023

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?