What is CVE-2024-47874?

CVE-2024-47874 is a vulnerability in Encode Starlette, classified under Allocation of Resources Without Limits or Throttling. Published 2024-10-15.

Is CVE-2024-47874 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Encode Starlette

CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size l…

EPSS: 0.001 (31.2th percentile) — read the EPSS interpretation.

Affected products

Encode Starlette — versions < 0.40.0

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

Public proof-of-concept exploits

References

https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw (x_refsource_CONFIRM)
https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-47874?: CVE-2024-47874 is a vulnerability in Encode Starlette, classified under Allocation of Resources Without Limits or Throttling. Published 2024-10-15.
Is CVE-2024-47874 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.