CVE-2023-30798

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-30798

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30798.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-30798

Aliases

Related

Published

2023-04-21T16:15:07Z

Modified

2025-01-08T14:57:28.309916Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

References

Affected packages

Debian:11 / starlette

Package

Name: starlette
Purl: pkg:deb/debian/starlette?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.14.1-1

0.16.0-1

0.18.0-1

0.20.4-1

0.23.1-1

0.24.0-1

0.25.0-1

0.25.0-2

0.26.1-1

0.28.0-1

0.30.0-1

0.31.1-1

0.37.2-1

0.38.2-1

0.39.1-1

0.39.2-1

0.41.0-1

0.41.2-1

0.41.3-1

0.41.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / starlette

Package

Name: starlette
Purl: pkg:deb/debian/starlette?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.25.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / starlette

Package

Name: starlette
Purl: pkg:deb/debian/starlette?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.25.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/encode/starlette

Affected ranges

Type: GIT
Repo: https://github.com/encode/starlette
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8c74c2c8dba7030154f8af18e016136bea1938fa

Fixed

8c74c2c8dba7030154f8af18e016136bea1938fa

Affected versions

0.*

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.17

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.10.0

0.10.1

0.10.4

0.11.1

0.11.2

0.11.3

0.11.4

0.12.0

0.12.0.b1

0.12.0.b2

0.12.0.b3

0.12.11

0.12.12

0.12.13

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.12.7

0.12.8

0.12.9

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.13.7

0.13.8

0.14.0

0.14.1

0.14.2

0.15.0

0.16.0

0.17.0

0.17.1

0.18.0

0.19.0

0.19.1

0.2.0

0.2.1

0.2.2

0.2.3

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.21.0

0.22.0

0.23.0

0.23.1

0.24.0

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.4.0

0.4.1

0.4.2

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.9.0

0.9.1

0.9.10

0.9.11

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9