4 matches found
CVE-2026-48817
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...
CVE-2026-48817
CVE-2026-48817 affects Starlette 1.0.1 and earlier, where HTTPEndpoint dispatch selects a handler by lowercased method name via getattr without validating against a known HTTP verb. If a Route is used without explicitly listing methods=, every method can reach the endpoint, and non-standard HTTP ...
GHSA-X746-7M8F-X49C Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
Summary When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
Summary When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...