Encode Starlette 0.22.0 for Python

CPE Details

Encode Starlette 0.22.0 for Python
encode
starlette
0.22.0
2023-04-27
14h25 +00:00
2023-05-01
11h23 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:encode:starlette:0.22.0:*:*:*:*:python:*:*

Informations

Vendor

encode

Product

starlette

Version

0.22.0

Target Software

python

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-24762 2024-02-05 14h33 +00:00 `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.
7.5
High
CVE-2023-29159 2023-05-31 22h00 +00:00 Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
7.5
High
CVE-2023-30798 2023-04-21 15h27 +00:00 There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.