Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: python311Packages.starlette

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2023-30798

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year, 2 months ago

MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

References

https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisoryx_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patchx_transferred
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisoryx_transferred
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisoryx_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patchx_transferred
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisoryx_transferred
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisoryx_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patchx_transferred
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisoryx_transferred
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisory
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patch
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisory
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisoryx_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patchx_transferred
https://vulncheck.com/advisories/starlette-multipartparser-dos third-party-advisoryx_transferred

Affected products

starlette

<0.25.0

Matching in nixpkgs

pkgs.python311Packages.starlette

Little ASGI framework that shines

nixos-unstable 0.40.0
- nixpkgs-unstable 0.40.0
- nixos-unstable-small 0.40.0

pkgs.python312Packages.starlette

Little ASGI framework that shines

nixos-unstable 0.40.0
- nixpkgs-unstable 0.40.0
- nixos-unstable-small 0.40.0

pkgs.python311Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable 2.1.3
- nixpkgs-unstable 2.1.3
- nixos-unstable-small 2.1.3

pkgs.python311Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.python312Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable 2.1.3
- nixpkgs-unstable 2.1.3
- nixos-unstable-small 2.1.3

pkgs.python312Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.python311Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable 0.14.1
- nixpkgs-unstable 0.14.1
- nixos-unstable-small 0.14.1

pkgs.python312Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable 0.14.1
- nixpkgs-unstable 0.14.1
- nixos-unstable-small 0.14.1

pkgs.python311Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

pkgs.python312Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@wd15 Daniel Wheeler <daniel.wheeler2@gmail.com>
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
@vidister Fiona Weber <v@vidister.de>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@johannwagner Johann Wagner <nix@wagner.digital>
@yu-re-ka Yureka <yuka@yuka.dev>

1