Litestar allows unbounded resource consumption (DoS vulnerability)
CVE-2024-52581
7.5 HIGH
What is CVE-2024-52581?
The multipart form parser in the Litestar ASGI framework, in versions prior to 2.13.0, allows an attacker to cause excessive memory use by uploading arbitrarily large files. The flaw stems from the parser reading the complete request body into a single byte string, with no enforced size limit. As a result, a single request can consume enough memory to cause a denial of service on the affected server. Limiting the number of multipart parts does not adequately mitigate the risk of out-of-memory errors, because the whole body is still buffered before the parts are counted. A patch addressing this issue has been released in version 2.13.0.
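The underlying problem is a body that is buffered without a cap, so the defensive control is a cap enforced before the body reaches the parser. The following is an added example, not Litestar's own code or its fix: a pure-ASGI middleware (written against the ASGI `scope`/`receive`/`send` interface, not any Litestar API) that rejects a request once its body exceeds a limit. It checks the declared Content-Length first and then counts bytes as they are streamed, so a missing or false header does not bypass the limit. The cap value, the `buffering_app` toy application (which copies the vulnerable behaviour of reading everything into one `bytes` object) and the `run_request` harness are all constructed for the example.

```python
import asyncio

# Assumed cap for the example; choose a value that suits the deployment.
MAX_BODY_BYTES = 1024 * 1024


class BodyTooLarge(Exception):
    """Raised inside the wrapped receive() once the streamed body passes the cap."""


class BodySizeLimitMiddleware:
    """Pure-ASGI middleware that rejects an HTTP body larger than max_body_bytes.

    Two checks: a cheap one on the declared Content-Length header, and a hard one
    that counts bytes as the body is streamed, so a missing or lying header
    cannot bypass the limit.
    """

    def __init__(self, app, max_body_bytes=MAX_BODY_BYTES):
        self.app = app
        self.max_body_bytes = max_body_bytes

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return

        # ASGI headers are (name, value) byte pairs with lower-cased names.
        for name, value in scope.get("headers", []):
            if name == b"content-length":
                try:
                    declared = int(value)
                except ValueError:
                    break  # malformed header; the byte counter below still applies
                if declared > self.max_body_bytes:
                    await self._reject(send)
                    return
                break

        received = 0
        response_started = False

        async def limited_receive():
            nonlocal received
            message = await receive()
            if message["type"] == "http.request":
                received += len(message.get("body", b""))
                if received > self.max_body_bytes:
                    raise BodyTooLarge(received)
            return message

        async def tracking_send(message):
            nonlocal response_started
            if message["type"] == "http.response.start":
                response_started = True
            await send(message)

        try:
            await self.app(scope, limited_receive, tracking_send)
        except BodyTooLarge:
            # A 413 is only valid if the app has not already begun its response.
            if not response_started:
                await self._reject(send)

    @staticmethod
    async def _reject(send):
        await send({"type": "http.response.start", "status": 413,
                    "headers": [(b"content-type", b"text/plain")]})
        await send({"type": "http.response.body", "body": b"Payload Too Large"})


# Constructed harness: a toy app that buffers the whole body into one bytes
# object, as the vulnerable parser did, plus an in-memory client.

async def buffering_app(scope, receive, send):
    """Reads the entire body into memory, then answers 200 with its length."""
    body = b""
    while True:
        message = await receive()
        body += message.get("body", b"")
        if not message.get("more_body", False):
            break
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": str(len(body)).encode()})


def run_request(chunks, content_length=None, max_body_bytes=MAX_BODY_BYTES):
    """Drive the middleware with a constructed request; return the response status."""
    headers = []
    if content_length is not None:
        headers.append((b"content-length", str(content_length).encode()))
    scope = {"type": "http", "method": "POST", "path": "/upload", "headers": headers}
    queue = list(chunks)

    async def receive():
        chunk = queue.pop(0)
        return {"type": "http.request", "body": chunk, "more_body": bool(queue)}

    sent = []

    async def send(message):
        sent.append(message)

    app = BodySizeLimitMiddleware(buffering_app, max_body_bytes=max_body_bytes)
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]


if __name__ == "__main__":
    print(run_request([b"x" * 100], content_length=100, max_body_bytes=1000))   # 200
    print(run_request([b"x" * 2000], content_length=2000, max_body_bytes=1000)) # 413
    print(run_request([b"x" * 600, b"x" * 600], max_body_bytes=1000))           # 413
```

The streamed byte count is the control that matters: the Content-Length check is only a fast path, and an oversized body that arrives without a header, or with an understated one, is still cut off at the cap before the application buffers it. A limit of this kind at the reverse proxy is a reasonable belt-and-braces measure, but it does not replace upgrading to the patched release.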
Affected Version(s)
litestar < 2.13.0