Homepage
About Snyk

Allocation of Resources Without Limits or Throttling Affecting starlite package, versions [,1.51.2)

0.0
high

Snyk CVSS

    Attack Complexity Low
    Availability High

    Threat Intelligence

    EPSS 0.11% (44th percentile)
Expand this section
NVD
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-STARLITE-3322034
  • published 15 Feb 2023
  • disclosed 15 Feb 2023
  • credit das7pad
Report a new vulnerability Found a mistake?

Introduced: 15 Feb 2023

CVE-2023-25578 Open this link in a new tab
CWE-770 Open this link in a new tab

How to fix?

Upgrade starlite to version 1.51.2 or higher.

Overview

starlite is a Light-weight and flexible ASGI API Framework

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. Exploiting this vulnerability is possible by sending many concurrent multipart requests in a loop, and might result in blocking all available worker processes and significantly delay or slow down the processing of legitimate user requests.

Note: This vulnerability affects applications with a request handler that accepts a Body(media_type=RequestEncodingType.MULTI_PART).