CVE-2023-25578 – Starlite DoS vulnerability when parsing multipart request body
https://notcve.org/view.php?id=CVE-2023-25578
Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`.

• https://github.com/starlite-api/starlite/commit/9674fe803628f986c03fe60769048cbc55b5bf83
• https://github.com/starlite-api/starlite/releases/tag/v1.51.2
• https://github.com/starlite-api/starlite/security/advisories/GHSA-p24m-863f-fm6q

• CWE-770: Allocation of Resources Without Limits or Throttling
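The missing control described above is a cap on the number of parts. The following is an added example, not Starlite's code or its patch: a standard-library sketch that counts field and file parts in a multipart body and aborts at the first part over a cap. The names `count_parts`, `get_boundary`, `sample_body`, `TooManyParts` and the `MAX_FIELDS`/`MAX_FILES` values are assumptions chosen for illustration.

```python
import re

# Assumed caps for illustration; they are not Starlite's values.
MAX_FIELDS = 1000
MAX_FILES = 1000

class TooManyParts(ValueError):
    """Raised as soon as a multipart body exceeds a part-count cap."""

def get_boundary(content_type: str) -> bytes:
    match = re.search(r'boundary="?([^";,\s]+)"?', content_type, re.IGNORECASE)
    if not match:
        raise ValueError("multipart Content-Type without a boundary")
    return match.group(1).encode("latin-1")

def count_parts(body: bytes, boundary: bytes,
                max_fields: int = MAX_FIELDS, max_files: int = MAX_FILES):
    """Return (fields, files); abort at the first part over a cap."""
    marker = b"\r\n--" + boundary
    data = b"\r\n" + body          # lets the first delimiter match like the rest
    fields = files = 0
    pos = data.find(marker)
    while pos != -1:
        start = pos + len(marker)
        if data[start:start + 2] == b"--":      # closing delimiter
            break
        header_end = data.find(b"\r\n\r\n", start)
        if header_end == -1:                    # truncated part: stop counting
            break
        headers = data[start:header_end]
        if re.search(rb"filename\*?=", headers, re.IGNORECASE):
            files += 1                          # part carries a file upload
        else:
            fields += 1                         # plain form field
        if fields > max_fields or files > max_files:
            raise TooManyParts(f"fields={fields} files={files}")
        pos = data.find(marker, header_end)
    return fields, files

def sample_body(boundary: bytes, n_fields: int, n_files: int) -> bytes:
    """Constructed sample input: n_fields text parts, then n_files file parts."""
    parts = [b'--%b\r\nContent-Disposition: form-data; name="f%d"\r\n\r\nv\r\n'
             % (boundary, i) for i in range(n_fields)]
    parts += [b'--%b\r\nContent-Disposition: form-data; name="u%d"; '
              b'filename="a.txt"\r\n\r\nx\r\n' % (boundary, i) for i in range(n_files)]
    return b"".join(parts) + b"--" + boundary + b"--\r\n"
```

Because the count is checked inside the loop, the work done on an oversized body is bounded by the cap rather than by the number of parts the client sends.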