CNNVD-202507-2710 Information
CNNVD ID
CNNVD-202507-2710
Related CVE
- CNNVD Published: 2025-07-21
Description (Chinese)
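Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is well suited to building asynchronous web services in Python. Starlette 0.47.1 and earlier versions contain a security vulnerability that stems from improper handling of multipart forms and may lead to denial-of-service attacks.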
Description (English)
Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is well suited to building web services with Python. Starlette 0.47.1 and earlier versions contain a security vulnerability that stems from the mishandling of multipart forms and may lead to denial-of-service attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Encode
Published
2025-07-21
Last Modified
2026-02-24
References
https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14
https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73
https://access.redhat.com/security/cve/cve-2025-54121
https://vigilance.fr/vulnerability/Python-Starlette-denial-of-service-via-multi-part-47823
Patch
https://github.com/encode/starlette/releases