PT-2024-30175 · Unknown · Fastapi-Admin
Name of the Vulnerable Software and Affected Versions: fastapi-admin pro version 0.1.4 Description: A cross-site scripting (XSS) vulnerability in the Create Product function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
Information Disclosure
fastapi-opa is vulnerable to Information Disclosure. The vulnerability is due to lack of authentication enforcement for HTTP OPTIONS requests by OpaMiddleware, allowing an unauthenticated attacker to determine the existence of entities within the application based on the responses to these reques...
CVE-2024-40627
Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...
UBUNTU-CVE-2024-40627
Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...
CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests
Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...
CVE-2024-40627
CVE-2024-40627 concerns the Fastapi-OPA OpaMiddleware, which incorrectly allows unauthenticated HTTP OPTIONS requests by bypassing policy evaluation. This can enable an unauthenticated attacker to infer entity existence based on responses, potentially leaking information about writable entities. ...
fastflows (>=0.1.0 <=0.1.2) potentially affected by CVE-2024-40627 via fastapi-opa (=1.4.8)
fastapi-opa PYPI version =1.4.8 is affected by a known vulnerability. The following packages have a transitive dependency on fastapi-opa and may be impacted: - fastflows =0.1.0, =0.1.2 Source cves: CVE-2024-40627 Source advisory: OSV:GHSA-5F5C-8RVC-J8WF...
OpaMiddleware does not filter HTTP OPTIONS requests
Summary: HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer is uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...
PT-2024-28950 · Unknown · Fastapi Opa
Name of the Vulnerable Software and Affected Versions: Fastapi OPA versions prior to 2.0.1 Description: The issue allows unauthenticated attackers to discover which entities exist within an application by sending HTTP OPTIONS requests. This is because OpaMiddleware allows all HTTP OPTIONS request...
Malicious code in fastapi-https (PyPI)
MAL-2024-5130 Malicious code in fastapi-https (PyPI)
OPENSUSE-SU-2024:13684-1 python310-fastapi-0.109.1-1.1 on GA media
These are all security issues fixed in the python310-fastapi-0.109.1-1.1 package on the GA media of openSUSE Tumbleweed...
aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +131 more potentially affected by CVE-2024-37568 via authlib (>=0.10.0 <=1.3.0)
authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0, =0.0.1, =0.1.0, =1.0.3, =2.0.0, =0.0.59, =0.5.0, =1.6.1, =4.2.0.43, =0.1.0, =0.3.0 and more Source cves: CVE-2024-37568 Source advisory: OSV:GHSA-5357-C2JX-V7QH...
Fedora 40 : python-fastapi (2024-0396ef82cd)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0396ef82cd advisory. Automatic update for python-fastapi-0.109.1-1.fc40. Changelog Thu Feb 8 2024 Packit - 0.109.1-1 - packit 0.109.1 upstream release - Resolves rhbz2262507,...
Fedora 39 : python-fastapi / python-starlette (2023-6c030b3c71)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6c030b3c71 advisory. python-starlette 0.25.0 Fixed - Limit the number of fields and files when parsing multipart/form-data on the MultipartParser python-fastapi 0.92.0 This is a...
Fedora 38 : python-fastapi / python-starlette (2023-9d50269499)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-9d50269499 advisory. python-starlette 0.25.0 Fixed - Limit the number of fields and files when parsing multipart/form-data on the MultipartParser python-fastapi 0.92.0 This is a...
Fedora: Security Advisory for python-fastapi (FEDORA-2024-09c7f715c9)
The remote host is missing an update for python-fastapi (FEDORA-2024-09c7f715c9)...