CVE-2023-30798 HIGH

CVE-2023-30798: MultipartParser DOS with too many fields or files in Starlette Framework

Vendor Encode

Product Starlette

Weakness CWE-400

Published April 21, 2023

Last update November 21, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

Key dates

02Disclosure timeline

April 21, 2023 CVE published

November 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-30798 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

CVE-2023-30798: MultipartParser DOS with too many fields or files in Starlette Framework

01Description

02Disclosure timeline

03References

04Related CVE