16 matches found
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes
Summary Two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log...
PT-2026-41168
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description An issue exists where the audio transcription upload endpoint uses the file extension from a user-supplied filename to save files. The '/cache/path' route serves these files via FileResponse, whic...
Denial Of Service (DoS)
Starlette is vulnerable to Denial Of Service DoS. The vulnerability is due to quadratic-time processing in the FileResponse HTTP Range header parsing and merging logic, which allows an unauthenticated attacker to send a crafted Range header to exhaust CPU resources...
SUSE CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
UBUNTU-CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...
CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
PT-2025-44209
Name of the Vulnerable Software and Affected Versions Starlette versions 0.39.0 through 0.49.0 Description Starlette is a lightweight ASGI framework/toolkit. An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp versions prior to 3.10.2, which stems from the FileResponse class not performing path checking relative to the root directory when looking for...
PYSEC-2022-245
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
UBUNTU-CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net
Author: p0wd3r know Chong Yu 4 0 4 Security lab Date: 2016-09-22 0x00 vulnerability overview 1. Vulnerability description Drupal ( https://www.drupal.org is a free open source content management system, recent researchers have found in it 8. x 8.1.10 version found three security vulnerabilities,...