Lucene search
K

4 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:45 p.m.5 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7CVSS5.9AI score0.00187EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 10:57 p.m.13 views

CVE-2026-48710

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References10
CVE
CVE
added 2026/05/26 9:54 p.m.199 views

CVE-2026-48710

Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References20Affected Software1
Rows per page
Query Builder