Security vulnerabilities and automated fixes for form parsing issues
CVE-2026-54283 is a high-severity denial-of-service vulnerability in Starlette where size limits set on `request.form()` were silently ignored for `application/x-www-form-urlencoded` content, allowing attackers to submit unbounded form data and exhaust server resources. The fix upgrades Starlette from version 1.2.1 to 1.3.1, which correctly enforces form size limits for all content types. Any Python web application using Starlette (including FastAPI-based services) that accepts form submissions