Lucene search
K

4 matches found

NVD
NVD
added 2026/06/17 8:17 p.m.8 views

CVE-2026-48817

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 7:48 p.m.50 views

CVE-2026-48817

CVE-2026-48817 affects Starlette 1.0.1 and earlier, where HTTPEndpoint dispatch selects a handler by lowercased method name via getattr without validating against a known HTTP verb. If a Route is used without explicitly listing methods=, every method can reach the endpoint, and non-standard HTTP ...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:16 p.m.6 views

GHSA-X746-7M8F-X49C Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Summary When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...

5.3CVSS5.5AI score0.00213EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:16 p.m.13 views

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Summary When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder