PT-2025-30341 · Starlette+2

Honakerm · Published 2025-07-21 · Updated 2026-02-10 · CVE-2025-54121

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Starlette versions 0.47.1 and below
Description: Starlette is a lightweight ASGI framework/toolkit for building async web services in Python. When parsing a multipart form that contains a file larger than the default maximum spool size, Starlette moves the spooled upload to disk synchronously on the event loop thread. While that transfer runs the event loop is blocked, so the application cannot accept new connections. The root cause is in the UploadFile write logic, which does not account for the roll-over to disk that writing the additional bytes can trigger, so the roll-over is not offloaded to a worker thread.
Recommendations: Update to Starlette version 0.47.2 or later.
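The blocking write path described above, modelled as an added Python example (not Starlette's own code): a small upload sink that decides, as an UploadFile-style write must, whether a chunk can be written inline on the event loop or has to go to a worker thread. With rollover_aware=False it reproduces the flawed check and shows the write that crosses the spool threshold rolling over on the loop; with rollover_aware=True the incoming bytes are counted first. The SpooledTemporaryFile private attributes _rolled and _max_size are assumed from CPython's tempfile module.

```python
import asyncio
from tempfile import SpooledTemporaryFile


class UploadSink:
    """Stand-in for an upload object's write path (constructed example).

    rollover_aware=False mirrors the flawed decision: a write runs inline
    whenever the spool is still in memory, even if that very write pushes
    it past max_size and forces a blocking roll-over to disk.
    rollover_aware=True accounts for the incoming bytes first.
    """

    def __init__(self, max_size: int, rollover_aware: bool) -> None:
        self.file = SpooledTemporaryFile(max_size=max_size)
        self.rollover_aware = rollover_aware
        self.trace: list[str] = []  # where each write actually ran

    @property
    def _in_memory(self) -> bool:
        # CPython's SpooledTemporaryFile sets _rolled once it moved to disk
        return not getattr(self.file, "_rolled", True)

    def _will_roll_over(self, data: bytes) -> bool:
        # _max_size is the spool threshold passed to the constructor
        return self.file.tell() + len(data) > self.file._max_size

    async def write(self, data: bytes) -> None:
        if self._in_memory and not (self.rollover_aware and self._will_roll_over(data)):
            self.file.write(data)  # synchronous, on the event loop thread
            # if this write triggered the roll-over, the loop was blocked
            self.trace.append("inline" if self._in_memory else "inline+rollover")
        else:
            await asyncio.to_thread(self.file.write, data)  # off the loop
            self.trace.append("threadpool")


def simulate(max_size: int, chunks: list[bytes], rollover_aware: bool) -> list[str]:
    """Feed chunks through a sink and return where each write ran."""
    sink = UploadSink(max_size, rollover_aware)

    async def feed() -> None:
        for chunk in chunks:
            await sink.write(chunk)

    asyncio.run(feed())
    sink.file.close()
    return sink.trace


if __name__ == "__main__":
    chunks = [b"a" * 8, b"b" * 8, b"c" * 8, b"d" * 8]  # constructed input
    print("vulnerable:", simulate(16, chunks, rollover_aware=False))
    print("fixed:     ", simulate(16, chunks, rollover_aware=True))
```

The third chunk is the one that crosses the 16-byte threshold: the flawed check writes it inline and rolls over on the loop, the corrected check sends it to the thread pool.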

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2025-10819
CVE-2025-54121
GHSA-2C2J-9GV5-CJ73
OPENSUSE-SU-2025:15381-1
SUSE-SU-2025:02544-1

Affected Products

Debian
Red Os
Starlette