CVE-2024-53981

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 2, 2024
CWE ID 770

Summary

CVE-2024-53981 is a vulnerability affecting the python-multipart library, which is used for parsing form data in Python. The issue lies in the way python-multipart handles line breaks and tailing bytes in boundaries. An attacker could exploit this by sending maliciously crafted requests with excessive data before or after the boundary, leading to high CPU usage and thread stalling. For ASGI applications, this could result in a denial of service (DoS) by preventing other requests from being processed. The vulnerability is resolved in version 0.0.18.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share