315 matches found
Fedora 39 : python-fastapi / python-starlette (2023-a96ec52457)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-a96ec52457 advisory. Update python-starlette to 0.27.0 and python-fastapi to 0.95.2. Fixes GHSA-v5gw-mw7f-84px Path traversal vulnerability in StaticFiles. Tenable has extracted...
aad-fastapi-dl37 (>=1.0.0 <=1.0.2), acmen (=0.5.0) +402 more potentially affected by CVE-2023-38325 via cryptography (>=40.0.0 <=41.0.1)
cryptography PYPI version =40.0.0, =1.0.0, =0.0.1, =1.2.4, =0.0.12, =4.4.6, =2023.4.0b0, =2.0.0, =0.0.1, =0.2.0, =2.2.13, =3.0.1 and more Source cves: CVE-2023-38325 Source advisory: OSV:PYSEC-2023-112...
Fedora: Security Advisory for python-fastapi (FEDORA-2023-9329cee69d)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...
Fedora 38 : python-fastapi / python-starlette (2023-9329cee69d)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-9329cee69d advisory. Update python-starlette to 0.27.0 and python-fastapi to 0.95.2. Fixes GHSA-v5gw-mw7f-84px Path traversal vulnerability in StaticFiles. Tenable has extracted...
GHSA-74M5-2C7W-9W3X MultipartParser denial of service with too many fields or files
Impact: The MultipartParser using the package python-multipart accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an OOM process kill. This can be triggered by sending too many small...
MultipartParser denial of service with too many fields or files
Impact: The MultipartParser using the package python-multipart accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an OOM process kill. This can be triggered by sending too many small...
DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts
DC Sonar Community. Repositories: The project consists of repositories: dc-sonar-frontend, dc-sonar-user-layer, dc-sonar-workers-layer, ntlm-scrutinizer. Disclaimer: It's only for education purposes. Avoid using it on the production Active Directory (AD) domain. Neither contributor incur any responsibilit...
Fedora: Security Advisory for python-fastapi (FEDORA-2022-d1452fd421)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: python-fastapi-0.75.2-1.fc36
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.6+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...
Fedora: Security Advisory for python-fastapi (FEDORA-2022-dbf6e00ba8)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: python-fastapi-0.75.0-3.fc36
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.6+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...
A vulnerability in FastAPI, a Python web framework for building APIs, relates to cross-site request forgery. This vulnerability allows attackers to gain access to sensitive data and compromise its integrity.
A vulnerability in FastAPI, a Python web framework for building APIs, relates to the use of cookies for authentication in path operations that receive JSON payloads. Exploiting this vulnerability could allow a remote attacker to gain access to...
[ASA-202107-6] python-fastapi: cross-site request forgery
Arch Linux Security Advisory ASA-202107-6. Severity: Medium; Date: 2021-07-01; CVE-ID: CVE-2021-32677; Package: python-fastapi; Type: cross-site request forgery; Remote: Yes; Link: https://security.archlinux.org/AVG-2060. Summary: The package...
openmptcprouter-vps-admin authorization issue vulnerability
openmptcprouter-vps-admin is an application. An OpenMPTCProuter API is based on FastAPI. A security vulnerability in Omr-admin.py in openmptcprouter-vps-admin version 0.57.3 and earlier can be exploited by remote attackers to guess passwords via a timing attack...
Fedora: Security Advisory for python-fastapi (FEDORA-2021-917e89c036)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: python-fastapi-0.65.2-1.fc34
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.6+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...
Cross-Site Request Forgery (CSRF)
fastapi is vulnerable to cross-site request forgery (CSRF). The content-type headers are not verified before assuming files are of JSON type. This allows an attacker to inject and execute arbitrary JavaScript via a content-type of text/plain which would be rendered as HTML...
GHSA-8H2J-CGX8-6XV7 Cross-Site Request Forgery (CSRF) in FastAPI
Impact: FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...
Cross-Site Request Forgery (CSRF) in FastAPI
Impact: FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...