
13 matches found

Tenable Nessus
added 5 days ago | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 3

Cvelist
added 2026/06/17 7:48 p.m. | 16 views

CVE-2026-48817 Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

CVSS 5.3 | EPSS 0.00213
Exploits: 0 | References: 2

CVE
added 2026/06/17 7:48 p.m. | 24 views

CVE-2026-48817

CVE-2026-48817 affects Starlette 1.0.1 and earlier, where HTTPEndpoint dispatch selects a handler by lowercased method name via getattr without validating against a known HTTP verb. If a Route is used without explicitly listing methods=, every method can reach the endpoint, and non-standard HTTP ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00213
Exploits: 0 | References: 2

OSV
added 2026/06/15 8:16 p.m. | 3 views

GHSA-X746-7M8F-X49C Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Summary: When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...

CVSS 5.3 | AI score 5.5 | EPSS 0.00213
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/15 8:16 p.m. | 11 views

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Summary: When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...

CVSS 5.3 | AI score 5.4 | EPSS 0.00213
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/06/15 12:0 a.m. | 6 views

PT-2026-49553

Name of the Vulnerable Software and Affected Versions: Starlette versions 1.0.1 and earlier
Description: In the HTTPEndpoint component, the handler is selected by lowercasing the HTTP method and looking it up as an attribute using getattr without restricting the lookup to a known set of HTTP verbs...

CVSS 5.3 | AI score 5.2 | EPSS 0.00213
Exploits: 0 | References: 4

OSV
added 2022/02/15 4:15 p.m. | 6 views

AZL-33639 CVE-2022-21698 affecting package rook for versions less than 1.6.2-18

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.7 | EPSS 0.05994
Exploits: 0 | References: 1

OSV
added 2022/02/15 4:15 p.m. | 4 views

AZL-33637 CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.7.10-18

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.7 | EPSS 0.05994
Exploits: 0 | References: 1

OSV
added 2022/02/15 4:15 p.m. | 5 views

AZL-33626 CVE-2022-21698 affecting package node-problem-detector for versions less than 0.8.10-19

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.7 | EPSS 0.05994
Exploits: 0 | References: 1

OSV
added 2022/02/15 4:15 p.m. | 5 views

AZL-34835 CVE-2022-21698 affecting package keda for versions less than 2.14.0-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.7 | EPSS 0.05994
Exploits: 0 | References: 1

OSV
added 2022/02/15 4:15 p.m. | 3 views

AZL-33603 CVE-2022-21698 affecting package kube-vip-cloud-provider for versions less than 0.0.2-14

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.7 | EPSS 0.05994
Exploits: 0 | References: 1

OSV
added 2022/02/15 4:15 p.m. | 7 views

AZL-35012 CVE-2022-21698 affecting package multus for versions less than 4.0.2-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.7 | EPSS 0.05994
Exploits: 0 | References: 1

OSV
added 2022/02/15 4:15 p.m. | 2 views

UBUNTU-CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.8 | EPSS 0.05994
Exploits: 0 | References: 6