Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: python312Packages.starlette-wtf

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2023-30798

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

References

https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory x_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… x_transferred patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory x_transferred
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory x_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… x_transferred patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory x_transferred
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory x_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… x_transferred patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory x_transferred
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory x_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… x_transferred patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory x_transferred
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory x_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… x_transferred patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory x_transferred

Affected products

starlette

<0.25.0

Matching in nixpkgs

pkgs.python312Packages.starlette

Little ASGI framework that shines

nixos-unstable -
- nixpkgs-unstable 0.47.2

pkgs.python313Packages.starlette

Little ASGI framework that shines

nixos-unstable -
- nixpkgs-unstable 0.47.2

pkgs.python312Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable -
- nixpkgs-unstable 3.0.2

pkgs.python312Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable -
- nixpkgs-unstable 0.4.5

pkgs.python313Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable -
- nixpkgs-unstable 3.0.2

pkgs.python313Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable -
- nixpkgs-unstable 0.4.5

pkgs.python312Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable -
- nixpkgs-unstable 0.15.1

pkgs.python313Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable -
- nixpkgs-unstable 0.15.1

pkgs.python312Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable -
- nixpkgs-unstable 0.4.0

pkgs.python313Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable -
- nixpkgs-unstable 0.4.0

pkgs.python312Packages.starlette-compress

Compression middleware for Starlette - supporting ZStd, Brotli, and GZip

nixos-unstable -
- nixpkgs-unstable 1.6.1

pkgs.python313Packages.starlette-compress

Compression middleware for Starlette - supporting ZStd, Brotli, and GZip

nixos-unstable -
- nixpkgs-unstable 1.6.1

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@wd15 Daniel Wheeler <daniel.wheeler2@gmail.com>
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
@Zaczero Kamil Monicz <kamil@monicz.dev>
@wrvsrx wrvsrx <wrvsrx@outlook.com>
@yuyuyureka Yureka <yuka@yuka.dev>
@johannwagner Johann Wagner <nix@wagner.digital>
@n0emis Ember Keske <nixpkgs@n0emis.network>

1