CVE-2024-24762

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24762

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24762.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24762

Aliases

Related

CGA-vg7g-jjc2-3r6j

Published

2024-02-05T15:15:09Z

Modified

2024-08-01T04:58:53.224642Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

References

Affected packages

Git / github.com/encode/starlette

Affected ranges

Type: GIT
Repo: https://github.com/encode/starlette
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

13e5c26a27f4903924624736abd6131b2da80cc5

Type: GIT
Repo: https://github.com/fastapi/fastapi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc

Type: GIT
Repo: https://github.com/kludex/python-multipart
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20f0ef6b4e4caf7d69a667c54dff57fe467109a4

Type: GIT
Repo: https://github.com/tiangolo/fastapi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7633d1571cc0c2792b766f67172edb9427c66899

Affected versions

0.*

0.0.2

0.0.4

0.0.5

0.0.6

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.17

0.1.19

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.100.0

0.100.1

0.101.0

0.101.1

0.102.0

0.103.0

0.103.1

0.103.2

0.104.0

0.104.1

0.105.0

0.106.0

0.107.0

0.108.0

0.109.0

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.12.0

0.12.0.b1

0.12.0.b2

0.12.0.b3

0.12.1

0.12.11

0.12.12

0.12.13

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.12.7

0.12.8

0.12.9

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.13.7

0.13.8

0.14.0

0.14.1

0.14.2

0.15.0

0.16.0

0.17.0

0.17.1

0.18.0

0.19.0

0.19.1

0.2.0

0.2.1

0.2.2

0.2.3

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.21.0

0.22.0

0.23.0

0.23.1

0.24.0

0.25.0

0.26.0

0.26.0.post1

0.26.1

0.27.0

0.27.1

0.27.2

0.28.0

0.29.0

0.29.1

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.30.0

0.30.1

0.31.0

0.31.1

0.32.0

0.32.0.post1

0.33.0

0.34.0

0.35.0

0.35.1

0.36.0

0.36.1

0.37.0

0.38.0

0.38.1

0.39.0

0.4.0

0.4.1

0.4.2

0.40.0

0.41.0

0.42.0

0.43.0

0.44.0

0.44.1

0.45.0

0.46.0

0.47.0

0.47.1

0.48.0

0.49.0

0.49.1

0.49.2

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.50.0

0.51.0

0.52.0

0.53.0

0.53.1

0.53.2

0.54.0

0.54.1

0.54.2

0.55.0

0.55.1

0.56.0

0.56.1

0.57.0

0.58.0

0.58.1

0.59.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.60.0

0.60.1

0.60.2

0.61.0

0.61.1

0.61.2

0.62.0

0.63.0

0.64.0

0.65.0

0.65.1

0.65.2

0.65.3

0.66.0

0.66.1

0.67.0

0.68.0

0.68.1

0.68.2

0.69.0

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.70.0

0.70.1

0.71.0

0.72.0

0.73.0

0.74.0

0.74.1

0.75.0

0.75.1

0.75.2

0.76.0

0.77.0

0.77.1

0.78.0

0.79.0

0.79.1

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.80.0

0.81.0

0.82.0

0.83.0

0.84.0

0.85.0

0.85.1

0.85.2

0.86.0

0.87.0

0.88.0

0.89.0

0.89.1

0.9.0

0.9.1

0.9.10

0.9.11

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.90.0

0.90.1

0.91.0

0.92.0

0.93.0

0.94.0

0.94.1

0.95.0

0.95.1

0.95.2

0.96.0

0.96.1

0.97.0

0.98.0

0.99.0

0.99.1

v0.*

v0.1.16