2 matches found
PT-2025-34323 · Pypi · Litestar
Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...