Description

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could abuse this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread for a significant amount of time. In case of ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service (DoS). This vulnerability is fixed in 0.0.18.

INFO

Published Date :

2024-12-02T15:57:50.232Z

Last Modified :

2024-12-02T19:59:14.830Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53981 vulnerability.

Vendors Products
Kludex
  • Python-multipart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53981.

URL Resource
https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177 cve-icon cve-icon cve-icon
https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-53981 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-53981 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact