by @Smartkeyss
26 Aug 2024

ReDoS in Python-Multipart (CVE-2024-24762)

CVEs

7.5 High Severity

Summary

CVE-2024-24762 affects python-multipart, a Python library for parsing multipart/form-data. The vulnerability is a flawed regular expression (RegEx) that a crafted Content-Type header can exploit, causing excessive CPU usage and a regular expression denial of service (ReDoS). It has a CVSS 3.1
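One mitigation for this class of bug, shown as an added example that is not code from python-multipart or from the original post: cap the length of the Content-Type header and parse its parameters in a single left-to-right pass with no regular expression, so the work done is linear in the header length. The names `parse_content_type`, `HeaderRejected` and the 256-character cap are assumptions made for illustration.

```python
MAX_CONTENT_TYPE_LEN = 256  # assumed cap; tune to what your application accepts


class HeaderRejected(ValueError):
    """Raised when a header exceeds the configured length cap."""


def parse_content_type(value, max_len=MAX_CONTENT_TYPE_LEN):
    """Return (media_type, params) using one forward scan and no regex."""
    if len(value) > max_len:
        raise HeaderRejected("Content-Type longer than %d characters" % max_len)
    media_type, _, rest = value.partition(";")
    params = {}
    i, n = 0, len(rest)
    while i < n:  # every branch below advances i, so each char is read once
        start = i
        while i < n and rest[i] not in "=;":
            i += 1
        name = rest[start:i].strip().lower()
        if i >= n or rest[i] == ";":
            i += 1  # parameter without a value: skip it
            continue
        i += 1  # consume '='
        while i < n and rest[i] in " \t":
            i += 1
        if i < n and rest[i] == '"':
            i += 1  # opening quote
            chars = []
            while i < n and rest[i] != '"':
                if rest[i] == "\\" and i + 1 < n:
                    i += 1  # backslash escapes the next character
                chars.append(rest[i])
                i += 1
            i += 1  # closing quote (or end of input if unterminated)
            val = "".join(chars)
            while i < n and rest[i] != ";":
                i += 1  # ignore anything between the quote and the next ';'
        else:
            start = i
            while i < n and rest[i] != ";":
                i += 1
            val = rest[start:i].strip()
        i += 1  # consume ';'
        if name:
            params[name] = val
    return media_type.strip().lower(), params
```

Rejecting over-long headers before any parsing runs also bounds the cost for whatever parser sits behind this check.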

Description
