315 matches found
CVE-2024-12868
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-47874. Notes: All CVE users should reference CVE-2024-47874 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-12868
CVE-2024-12868 is rejected and should not be used; reference CVE-2024-47874.
CVE-2025-0182
The CVE-2025-0182 entry affects danswer-ai/danswer (v0.9.0). The root cause is use of a vulnerable Starlette version (
CVE-2025-0182 Denial of Service in danswer-ai/danswer
A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package =0.49 via fastapi, which was patched in fastapi version 0.115.3. The vulnerability can be exploited by sending...
MAL-2025-2171 Malicious code in fastapi.py (npm)
Source: ghsa-malware c591ed328da145b399af78111c309d609f9c1036b092eb17c774f9428b367207 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2021-32677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for...
dspy (>=2.5.43 <=2.6.0rc8), jac-cloud (>=0.1.0 <=0.1.24) +10 more potentially affected by unknown CVE via fastapi-sso (>=0.10.0 <=0.15.0)
fastapi-sso PYPI version =0.10.0, =2.5.43, =0.1.0, =0.0.1, =0.0.1, =2.0.0a51, =2.0.5, =1.0.1, =0.12.11, =2.7.11, =0.5.71, =0.6.52 Source cves: unknown CVE Source advisory: SNYK:PYTHON-FASTAPISSO-8445602...
Race Condition
Overview: fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account. Affected versions of this package are vulnerable to Race Condition. When multiple concurrent login requests are processed simultaneously,...
Fedora 41 : python-fastapi / python-openapi-core / python-platformio / etc (2024-05dedb1a53)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-05dedb1a53 advisory. Security fix for CVE-2024-47874. Starlette 0.40.0 (October 15, 2024): This release fixes a Denial of service (DoS) via multipart/form-data requests. You can view...
[SECURITY] Fedora 41 Update: python-fastapi-0.115.2-1.fc41
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python frameworks available...
Fedora: Security Advisory (FEDORA-2024-f1615b58e6)
The remote host is missing an update for the...
SUSE CVE-2024-47874
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...
GHSA-F96H-PMFR-66VW Starlette Denial of service (DoS) via multipart/form-data
Summary: Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and...
CVE-2024-47874
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +3129 more potentially affected by CVE-2024-47874 via starlette (>=0.10.1 <=0.39.2)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2024-47874 Source advisory: SNYK:PYTHON-STARLETTE-8186175...
PT-2024-7391
Name of the Vulnerable Software and Affected Versions: Starlette versions prior to 0.40.0. Description: The issue is related to how Starlette handles multipart/form-data parts without a filename, treating them as text form fields and buffering them in byte strings with no size limit. This allows a...
Fedora: Security Advisory (FEDORA-2023-a96ec52457)
The remote host is missing an update for the...