Is CVE-2024-24762 actively exploited?

CVE-2024-24762 has no public evidence of in-the-wild exploitation as of 2025-05-05.

What is the CVSS score for CVE-2024-24762?

CVE-2024-24762 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2024-24762?

Patch guidance is available from fastapiexpert security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-24762.

Fix CVE-2024-24762 - HIGH fastapiexpert python-multipart

Q: Which products are affected by CVE-2024-24762?

2 products: fastapiexpert python-multipart, fastapiexpert python-multipart.

Description

`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-400 CWE-1333

Metadata

Primary Vendor: FASTAPIEXPERT
Published: 2/5/2024
Last Modified: 5/5/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-24762

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary