Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ReDoS in multipart 1.3.0 - `parse_options_header()`
Vulnerability Description
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service (DoS) attacks against web applications using this library to parse request headers or multipart/form-data streams. The issue is fixed in 1.2.2, 1.3.1 and 1.4.0-dev.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
python-multipart 安全漏洞
Vulnerability Description
python-multipart是Marcelo Trylesinski个人开发者的一个Python的流式多部分解析器。 python-multipart 1.2.2之前版本、1.3.1之前版本和1.4.0-dev之前版本存在安全漏洞,该漏洞源于parse_options_header函数使用存在歧义的正则表达式,可能导致解析恶意HTTP或多部分标头时出现指数级回溯,从而引发拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A