Overview
Duplicate Advisory: FastAPI Content-Type Header ReDoS
Advisory
FastAPI 0.109.1 raises its minimum required version of 'python-multipart' to >=0.0.7 so that installs pick up that package's security fix.
How to Fix
Upgrade fastapi to 0.109.1 or higher.
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20240205-62096/CVE-2024-24762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24762
- https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc
- https://github.com/tiangolo/fastapi/releases/tag/0.109.1
- https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
- https://nvd.nist.gov/vuln/detail/CVE-2024-24762
- https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2024-38.yaml
- https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p
- https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238
- https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4
- https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5
- https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74
- https://github.com/advisories/GHSA-qf9m-vfgh-m389
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
