CVE-2024-53981
📋 TL;DR
CVE-2024-53981 is a denial-of-service vulnerability in python-multipart where attackers can send malicious multipart requests with excessive data before the first boundary or after the last boundary. This causes high CPU usage and stalls processing threads, potentially blocking other requests in ASGI applications. All applications using vulnerable versions of python-multipart are affected.
💻 Affected Systems
- python-multipart
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service where the application becomes unresponsive, blocking all legitimate requests and potentially requiring service restart.
Likely Case
Degraded application performance with increased response times and potential request timeouts during attack periods.
If Mitigated
Minimal impact with proper rate limiting and monitoring in place to detect and block malicious requests.
🎯 Exploit Status
Exploitation requires sending specially crafted HTTP requests with excessive data around boundaries, which is relatively straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.0.18
Vendor Advisory: https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3
Restart Required: No
Instructions:
1. Update python-multipart to version 0.0.18 or later using pip (quote the specifier so the shell does not treat `>` as a redirect): pip install "python-multipart>=0.0.18"
2. Update requirements.txt or pyproject.toml to specify python-multipart>=0.0.18
3. Test the application to ensure compatibility with the updated version.
🔧 Temporary Workarounds
Rate Limiting
Implement request rate limiting and size limits to prevent excessive data in multipart requests.
Request Size Limits
Configure the web server or application to limit the maximum request body size.
# For nginx: client_max_body_size 10m;
# For Apache: LimitRequestBody 10485760
🧯 If You Can't Patch
- Implement WAF rules to block requests with excessive data before first boundary or after last boundary
- Deploy reverse proxy with request size limits and anomaly detection
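As an added example (not from this advisory or the python-multipart project), a defender-side pre-check that rejects multipart bodies carrying excessive data before the first boundary or after the closing boundary before they ever reach the parser; the size limits, helper names and sample bodies are assumptions.

```python
import re
from typing import Optional

# Assumed limits (not from the advisory): tune for your application.
MAX_PREAMBLE = 1024            # bytes tolerated before the first boundary
MAX_EPILOGUE = 1024            # bytes tolerated after the closing boundary
MAX_BODY = 10 * 1024 * 1024    # mirrors a 10 MiB web-server body cap

_BOUNDARY_RE = re.compile(r'boundary="?([^";]+)"?')


def boundary_from_content_type(content_type: str) -> Optional[bytes]:
    """Extract the boundary parameter from a multipart Content-Type header."""
    if not content_type.lower().startswith("multipart/"):
        return None
    m = _BOUNDARY_RE.search(content_type)
    return m.group(1).encode() if m else None


def check_multipart_framing(body: bytes, boundary: bytes) -> Optional[str]:
    """Return None if the body is acceptably framed, else a rejection reason.

    Costs one forward and one backward substring search, so the check itself
    cannot be made to stall the way a byte-by-byte parser can.
    """
    if len(body) > MAX_BODY:
        return "body exceeds size limit"
    delim = b"--" + boundary
    first = body.find(delim)
    if first < 0:
        return "no boundary found"
    if first > MAX_PREAMBLE:
        return f"{first} bytes before first boundary"
    closing = body.rfind(delim + b"--")
    if closing < 0:
        return "no closing boundary"
    trailing = len(body) - (closing + len(delim) + 2)
    if trailing > MAX_EPILOGUE:
        return f"{trailing} bytes after closing boundary"
    return None


# Constructed sample bodies (not captured traffic).
BOUNDARY = b"xyz"
GOOD = (b'--xyz\r\nContent-Disposition: form-data; name="f"\r\n\r\nhello\r\n'
        b"--xyz--\r\n")
BAD_PREAMBLE = b"A" * 5000 + GOOD   # junk before the first boundary
BAD_EPILOGUE = GOOD + b"B" * 5000   # junk after the closing boundary
```

Run the check in middleware (or a reverse proxy hook) on the buffered body and return 400 on any non-None reason, so the expensive parser only sees well-framed input.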
🔍 How to Verify
Check if Vulnerable:
Check python-multipart version: pip show python-multipart | grep Version
Verify Fix Applied:
Verify version is 0.0.18 or higher: python -c "import multipart; print(multipart.__version__)"
📡 Detection & Monitoring
Log Indicators:
- Excessive logging of boundary parsing events
- High CPU usage spikes
- Request timeouts for multipart endpoints
Network Indicators:
- Large HTTP requests to multipart endpoints
- Requests with unusual boundary patterns
SIEM Query:
source=application_logs "boundary" AND ("\r" OR "\n") | stats count by src_ip, endpoint