CVE-2024-24762

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 5, 2024
Updated: Feb 17, 2024
CWE ID 1333
CWE ID 400

Summary

CVE-2024-24762 is a vulnerability affecting the python-multipart library, which is a streaming multipart parser for Python. This vulnerability occurs when using form data and involves a Regular Expression used to parse the HTTP Content-Type header. An attacker can exploit this by sending a custom-made Content-Type option that is difficult for the RegEx to process, causing high CPU usage and potentially stalling the application indefinitely. This vulnerability can lead to regular expression denial of service (ReDoS) and affects various products utilizing python-multipart. The issue has been addressed in version 0.0.7 of the library.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-24762 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options