CVE-2024-52581: Litestar allows unbounded resource consumption (DoS vulnerability)
(updated )
Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allows an attacker to cause excessive memory consumption on the server by sending large requests.
References
- github.com/advisories/GHSA-gjcc-jvgw-wvwj
- github.com/litestar-org/litestar
- github.com/litestar-org/litestar/blob/main/litestar/_multipart.py
- github.com/litestar-org/litestar/commit/53c1473b5ff7502816a9a339ffc90731bb0c2138
- github.com/litestar-org/litestar/security/advisories/GHSA-gjcc-jvgw-wvwj
- github.com/litestar-org/litestar/security/advisories/GHSA-p24m-863f-fm6q
- github.com/pypa/advisory-database/tree/main/vulns/litestar/PYSEC-2024-178.yaml
- nvd.nist.gov/vuln/detail/CVE-2024-52581
Code Behaviors & Features
Detect and mitigate CVE-2024-52581 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →