ALT-PU-2024-2022-4

Package update python3-module-fastapi in branch sisyphus

Version0.109.2-alt1

Published2026-02-05

Max severityHIGH

Severity:

Closed issues (3)

HIGH7.5

Уязвимость потокового многокомпонентного парсера python-multipart, связанная с неэффективной сложностью регулярных выражений, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-02-12Modified: 2026-01-30

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2024-24762

HIGH7.5

`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

Published: 2024-02-05Modified: 2025-05-05

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-2jv5-9r88-3w3p

HIGH7.5

python-multipart vulnerable to Content-Type Header ReDoS

Published: 2024-02-12Modified: 2026-04-03

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References