1 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. • https://github.com/starlite-api/starlite/commit/9674fe803628f986c03fe60769048cbc55b5bf83 https://github.com/starlite-api/starlite/releases/tag/v1.51.2 https://github.com/starlite-api/starlite/security/advisories/GHSA-p24m-863f-fm6q • CWE-770: Allocation of Resources Without Limits or Throttling •