Web Application Security

090502501 - Python.Fastapi.CVE-2024-24762.ReDoS

Description

This indicates an attack attempt to exploit a Denial-Of-Service vulnerability in python-multipart.
The vulnerability is due to an inefficient regular expression used to parse the HTTP Content-Type header. A remote attacker can exploit this by sending a specially crafted header, causing the process to stall and consume excessive CPU. Successful exploitation can lead to a denial of service (DoS) by blocking the application's event loop.

Affected Products

python-multipart before 0.0.7

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor's advisory for updates:
https://github.com/fastapi/fastapi/releases/tag/0.109.1

Version Updates

Date	Version	Status	Detail
2026-03-18	0.00423	New

ID	1090502501
Created	Mar 18, 2026
Updated	Mar 18, 2026
CVE ID
Risk
Default Action	drop
Active
Affected OS	Windows, Linux, MacOS
Affected App	python-multipart
Engine Version	5.0.0 or later

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Web Application Security

090502501 - Python.Fastapi.CVE-2024-24762.ReDoS

Description

Affected Products

Impact

Recommended Actions

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Web Application Security

090502501 - Python.Fastapi.CVE-2024-24762.ReDoS

Description

Affected Products

Impact

Recommended Actions

Version Updates

Threat Intelligence
Center