Resource exhaustion in Litestar-org Litestar
CVE-2024-52581
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with Litestar expects the entire request body as a single byte string, and there is no default limit for the t…
EPSS: 0.004 (63.8th percentile)
Affected products
- Litestar-org Litestar — versions < 2.13.0
Weakness classification (CWE)
References
- https://github.com/litestar-org/litestar/security/advisories/GHSA-gjcc-jvgw-wvwj (x_refsource_CONFIRM)
- https://github.com/litestar-org/litestar/security/advisories/GHSA-p24m-863f-fm6q (x_refsource_MISC)
- https://github.com/litestar-org/litestar/commit/53c1473b5ff7502816a9a339ffc90731bb0c2138 (x_refsource_MISC)
- https://github.com/litestar-org/litestar/blob/main/litestar/_multipart.py#L97 (x_refsource_MISC)