Vulnerability identifier: #VU75607
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
starlette
Web applications /
Modules and components for CMS
Vendor: Encode
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
starlette: 0.1.0 - 0.24.0
External links
http://vulncheck.com/advisories/starlette-multipartparser-dos
http://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
http://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.