3 matches found
GHSA-94F4-HR76-P5J6 vLLM: OpenAI auth bypass
Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...
CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
ROS-20250226-04
A vulnerability in the Starlette ASGI web development framework is related to the allocation of unlimited memory. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...