High Severity

fastapi

ReDoS Vulnerability in Form Data Parsing

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in FastAPI version 0.109.0, specifically when parsing Form data. The issue, which causes the server to lock up and a CPU core to reach 100% usage, was patched in version 0.109.1.

Available publicly on Mar 15 2024

7.5

CVE:

CVE-2024-24762

CWE:

400:Uncontrolled Resource Consumption

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit:

byt3bl33d3r
AssessDetect

Available

Remediate
Remediation Steps
  • Upgrade FastAPI to version 0.109.1 or later.
  • As a temporary measure, implement request validation to reject requests with suspicious Content-Type headers.
  • Consider using a WAF (Web Application Firewall) to detect and block malicious requests before they reach the application server.
  • Monitor server resource usage to detect potential DoS attacks early.
Patch Details
  • Fixed Version: 0.109.1
  • Patch Commit: https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 291 related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon