Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/fastapi@0.31.0

Type pypi

Namespace

Name fastapi

Version 0.31.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.109.1

Latest_non_vulnerable_version 0.109.1

Affected_by_vulnerabilities

url VCID-wupx-xjc5-47at

vulnerability_id VCID-wupx-xjc5-47at

summary FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. It's a ReDoS(Regular expression Denial of Service), it only applies to those reading form data, using `python-multipart`. This vulnerability has been patched in version 0.109.1.

references

reference_url

https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74

reference_url

https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5

reference_url

https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2024-38.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2024-38.yaml

reference_url

https://github.com/tiangolo/fastapi

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi

reference_url

https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc

reference_url

https://github.com/tiangolo/fastapi/releases/tag/0.109.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi/releases/tag/0.109.1

reference_url

https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063538
reference_id	1063538
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063538

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-24762

reference_id

CVE-2024-24762

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-24762

reference_url	https://github.com/advisories/GHSA-qf9m-vfgh-m389
reference_id	GHSA-qf9m-vfgh-m389
reference_type
scores
url	https://github.com/advisories/GHSA-qf9m-vfgh-m389

fixed_packages

url	pkg:pypi/fastapi@0.109.1
purl	pkg:pypi/fastapi@0.109.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/fastapi@0.109.1

aliases CVE-2024-24762, GHSA-qf9m-vfgh-m389, PYSEC-2024-38

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wupx-xjc5-47at

url VCID-zsh6-2zd9-dqck

vulnerability_id VCID-zsh6-2zd9-dqck

summary cross-site request forgery

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32677

reference_id

reference_type

scores

value	0.00119
scoring_system	epss
scoring_elements	0.30388
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32677

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2021-100.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2021-100.yaml

reference_url

https://github.com/tiangolo/fastapi

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi

reference_url

https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d

reference_url

https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MATAWX25TYKNEKLDMKWNLYDB34UWTROA

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MATAWX25TYKNEKLDMKWNLYDB34UWTROA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MATAWX25TYKNEKLDMKWNLYDB34UWTROA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MATAWX25TYKNEKLDMKWNLYDB34UWTROA/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990582
reference_id	990582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990582

reference_url	https://security.archlinux.org/ASA-202107-6
reference_id	ASA-202107-6
reference_type
scores
url	https://security.archlinux.org/ASA-202107-6

reference_url

https://security.archlinux.org/AVG-2060

reference_id

AVG-2060

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2060

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32677

reference_id

CVE-2021-32677

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32677

reference_url	https://github.com/advisories/GHSA-8h2j-cgx8-6xv7
reference_id	GHSA-8h2j-cgx8-6xv7
reference_type
scores
url	https://github.com/advisories/GHSA-8h2j-cgx8-6xv7

fixed_packages

url pkg:pypi/fastapi@0.65.2

purl pkg:pypi/fastapi@0.65.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wupx-xjc5-47at

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastapi@0.65.2

aliases CVE-2021-32677, GHSA-8h2j-cgx8-6xv7, PYSEC-2021-100

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zsh6-2zd9-dqck

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastapi@0.31.0

Package Instance