PT-2024-35993 · Pypi · Python-Multipart
Mnqazi (+1)
Published: 2024-12-02 · Updated: 2026-02-11
CVE-2024-53981
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: python-multipart versions prior to 0.0.18
Description: The issue arises when parsing form data, as python-multipart skips line breaks in front of the first boundary and any trailing bytes after the last boundary one byte at a time, emitting a log event each time. This can cause excessive logging for certain inputs. An attacker could exploit this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread. In the case of an ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service.
Recommendations: For python-multipart versions prior to 0.0.18, update to version 0.0.18 to resolve the issue. As a temporary workaround, consider restricting the amount of data that can be sent before the first or after the last boundary to minimize the risk of exploitation.
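As an added illustration of the workaround described above (example code, not part of the advisory or of python-multipart): a pre-parser check that measures how many bytes sit before the first boundary delimiter and after the closing delimiter, and rejects the body when either exceeds a limit. The limit value and the sample bodies are constructed for this example.

```python
"""Preamble/epilogue size check for multipart/form-data bodies (added example)."""
import re

MAX_SLACK_BYTES = 1024  # assumed limit; tune to what your application needs


def boundary_from_content_type(content_type: str) -> bytes:
    """Extract the boundary parameter from a multipart/form-data Content-Type."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("missing multipart boundary")
    return m.group(1).encode()


def slack_bytes(body: bytes, boundary: bytes) -> tuple[int, int]:
    """Return (preamble_len, epilogue_len): bytes before the first delimiter
    and after the closing delimiter. This is exactly the data the advisory
    says the vulnerable parser skips one byte at a time."""
    first = b"--" + boundary
    closing = b"--" + boundary + b"--"
    start = body.find(first)
    if start < 0:
        raise ValueError("no boundary delimiter in body")
    end = body.rfind(closing)
    if end < 0:
        raise ValueError("no closing boundary delimiter in body")
    epilogue = len(body) - (end + len(closing))
    return start, epilogue


def check_multipart_slack(body: bytes, content_type: str,
                          limit: int = MAX_SLACK_BYTES) -> bool:
    """True if the body is acceptable; False if preamble or epilogue exceeds `limit`.
    Run this before handing the body to the multipart parser."""
    pre, post = slack_bytes(body, boundary_from_content_type(content_type))
    return pre <= limit and post <= limit


# Constructed sample bodies (not taken from the advisory).
BOUNDARY = "X-BOUNDARY-123"
CONTENT_TYPE = f'multipart/form-data; boundary="{BOUNDARY}"'
GOOD_BODY = (b"\r\n--X-BOUNDARY-123\r\n"
             b'Content-Disposition: form-data; name="f"\r\n\r\nhello\r\n'
             b"--X-BOUNDARY-123--\r\n")
# Same body with 5000 line breaks stuffed in front of the first boundary.
PADDED_BODY = b"\n" * 5000 + GOOD_BODY[2:]

if __name__ == "__main__":
    print(check_multipart_slack(GOOD_BODY, CONTENT_TYPE))    # True
    print(check_multipart_slack(PADDED_BODY, CONTENT_TYPE))  # False
```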

Tags: Exploit · Fix

Weakness Enumeration

DoS
Resource Exhaustion
Allocation of Resources Without Limits

Related Identifiers

ALT-PU-2025-9661
BDU:2025-03461
CVE-2024-53981
GHSA-59G5-XGCQ-4QW3
GHSA-5CCF-884P-4JJQ
GHSA-6WJ5-5PGR-JWQ8
OPENSUSE-SU-2024:14551-1
OPENSUSE-SU-2024_4194-1
SUSE-SU-2024:4194-1
USN-8027-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Python-Multipart