Homepage
About Snyk

Allocation of Resources Without Limits or Throttling Affecting starlite package, versions [,1.51.2)

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.13% (49th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-STARLITE-3322034
  • published 15 Feb 2023
  • disclosed 15 Feb 2023
  • credit das7pad
Report a new vulnerability Found a mistake?

Introduced: 15 Feb 2023

CVE-2023-25578 Open this link in a new tab
CWE-770 Open this link in a new tab

How to fix?

Upgrade starlite to version 1.51.2 or higher.

Overview

starlite is a Light-weight and flexible ASGI API Framework

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. Exploiting this vulnerability is possible by sending many concurrent multipart requests in a loop, and might result in blocking all available worker processes and significantly delay or slow down the processing of legitimate user requests.

Note: This vulnerability affects applications with a request handler that accepts a Body(media_type=RequestEncodingType.MULTI_PART).

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7.5 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High
Expand this section

NVD

7.5 high