`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart`     uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could     send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU     resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that     process can't handle any more requests, leading to regular expression denial of service. This     vulnerability has been patched in version 0.0.7. (CVE-2024-24762)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0396ef82cd advisory.

    Automatic update for python-fastapi-0.109.1-1.fc40.

    ##### **Changelog**

    ```
    * Thu Feb  8 2024 Packit <hello@packit.dev> - 0.109.1-1
    - [packit] 0.109.1 upstream release
    - Resolves rhbz#2262507, resolves rhbz#2262844

    ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
227823	Linux Distros Unpatched Vulnerability : CVE-2024-24762	Nessus	Misc.	high
194623	Fedora 40 : python-fastapi (2024-0396ef82cd)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2024-24762

high

Tenable Plugins

high

high