Lucene search
K

333 matches found

OSV
OSV
added 2025/10/28 9:15 p.m.1 views

DEBIAN-CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.1AI score0.00638EPSS
Exploits0References1
OSV
OSV
added 2025/10/28 9:15 p.m.2 views

UBUNTU-CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.8AI score0.00638EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 8:38 p.m.3 views

GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...

7.5CVSS6.5AI score0.00638EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/28 8:38 p.m.8 views

Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...

7.5CVSS6.9AI score0.00638EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/28 8:14 p.m.3 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.6AI score0.00638EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/28 8:14 p.m.7 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS0.00638EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/28 8:14 p.m.7 views

EUVD-2025-36555

Starlette is a lightweight ASGI framework/toolkit. Prior to 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service...

7.5CVSS6.4AI score0.00638EPSS
Exploits0References4
CVE
CVE
added 2025/10/28 8:14 p.m.87 views

CVE-2025-62727

CVE-2025-62727 (Starlette) : Affects Starlette before version 0.49.1, where an unauthenticated attacker can send a crafted HTTP Range header triggering quadratic-time processing in FileResponse Range parsing/merging, causing CPU exhaustion and denial of service on file-serving endpoints. A fix is...

7.5CVSS6.1AI score0.00638EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/28 8:14 p.m.13 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.1AI score0.00638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.3 views

PT-2025-44209

Name of the Vulnerable Software and Affected Versions Starlette versions 0.39.0 through 0.49.0 Description Starlette is a lightweight ASGI framework/toolkit. An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range...

7.5CVSS6.5AI score0.00638EPSS
Exploits0References182
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-9515

Malware in sbrugna...

5CVSS8.9AI score0.5643EPSS
Exploits2References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-13356

Malware in sbrugna...

7.8CVSS5AI score0.02584EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0505

Malware in sbrugna...

5CVSS6.4AI score0.02027EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-2291

Malware in sbrugna...

7.5CVSS6.4AI score0.1023EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-11470

Malware in sbrugna...

6.5CVSS6.6AI score0.01239EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7676

Malware in sbrugna...

7.5CVSS7.5AI score0.01328EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-2274

Malware in sbrugna...

5CVSS6.2AI score0.02175EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-7125

Malware in sbrugna...

5CVSS6.4AI score0.02849EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/06 12:0 a.m.3 views

RockyLinux 10 : libsoup3 (RLSA-2025:8128)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8128 advisory. libsoup: Denial of Service attack to websocket server CVE-2025-32049 libsoup: Denial of service in server when client requests a large amount of...

7.5CVSS6.4AI score0.00821EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-49960

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01492EPSS
Exploits0References4
Rows per page
Query Builder