CVE-2023-25578: Denial of service vulnerability when parsing multipart request body
(updated )
The request body parsing in starlite allows a potentially unauthenticated
attacker to consume a large amount of CPU time and RAM.
References
- github.com/advisories/GHSA-p24m-863f-fm6q
- github.com/pypa/advisory-database/tree/main/vulns/starlite/PYSEC-2023-49.yaml
- github.com/starlite-api/starlite
- github.com/starlite-api/starlite/commit/9674fe803628f986c03fe60769048cbc55b5bf83
- github.com/starlite-api/starlite/releases/tag/v1.51.2
- github.com/starlite-api/starlite/security/advisories/GHSA-p24m-863f-fm6q
- nvd.nist.gov/vuln/detail/CVE-2023-25578
Code Behaviors & Features
Detect and mitigate CVE-2023-25578 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →