20 matches found

CVE
added 2026/05/26 9:54 p.m., 77 views

CVE-2026-48710

Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...

6.5 CVSS, 5.8 AI score, 0.00353 EPSS
Exploits 2, References 7, Affected Software 1
CNNVD
added 2026/05/26 12:00 a.m., 4 views

Starlette environment issue vulnerability

Starlette is a lightweight ASGI framework/toolkit developed by Encode. It’s ideal for building asynchronous web services using Python. Versions of Starlette prior to 1.0.1 contained an environmental issue vulnerability. This vulnerability stemmed from the lack of validation of the HTTP Host reque...

6.5 CVSS, 5.8 AI score, 0.00353 EPSS
Exploits 2, References 7
PyPA
added 2026/05/22 1:11 p.m., 7 views

BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks

Starlette reconstructs the requested URL based on the HTTP Host request header and requested path, but does not perform any validation of the Host header value. This allows attackers to inject paths into the host part, prepending the actual path. However, routing in Starlette is based on the actu...

5.8 AI score, 0.00353 EPSS
Exploits 2, References 8, Affected Software 1
CNNVD
added 2025/10/28 12:00 a.m., 5 views

Starlette security vulnerability

Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is ideal for building asynchronous web services in Python. Versions of Starlette before 0.49.1 contain a security vulnerability that stems from the FileResponse Range parsing merge logic having a secondary time...

7.5 CVSS, 6.3 AI score, 0.00068 EPSS
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-22159

Malicious code in bioql PyPI...

5.3 CVSS, 7.2 AI score, 0.0025 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-0244

Malicious code in bioql PyPI...

7.5 CVSS, 7 AI score, 0.0196 EPSS
Exploits 0, References 6
OSV
added 2025/07/21 8:06 p.m., 3 views

CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size), Starlette will block the main thread t...

5.3 CVSS, 7.2 AI score, 0.0025 EPSS
Exploits 0, References 6
Vulnrichment
added 2025/07/21 8:06 p.m., 3 views

CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size), Starlette will block the main thread t...

5.3 CVSS, 7.2 AI score, 0.0025 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/06/16 12:00 a.m., 3 views

TencentOS Server 4: python-starlette (TSSA-2024:1053)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1053 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.7 CVSS, 7.8 AI score, 0.00125 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/03/05 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-47874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a...

8.7 CVSS, 7.3 AI score, 0.00125 EPSS
Exploits 0, References 3
NVD
added 2024/10/15 4:15 p.m., 17 views

CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

8.7 CVSS, 0.00125 EPSS
Exploits 0, References 2
OSV
added 2024/10/15 4:15 p.m., 1 views

DEBIAN-CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

8.7 CVSS, 7.7 AI score, 0.00125 EPSS
Exploits 0, References 1
CVE
added 2024/10/15 3:45 p.m., 299 views

CVE-2024-47874

CVE-2024-47874 (Starlette / FastAPI): Prior to v0.40.0, Starlette buffers multipart/form-data parts without a filename as text with no size limit, enabling requests that create very large form fields. This can cause excessive memory allocations, high memory usage, and potential OOM conditions, p...

8.7 CVSS, 7 AI score, 0.00125 EPSS
Exploits 0, References 2
CNNVD
added 2024/10/15 12:00 a.m., 1 views

Starlette security vulnerability

Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is ideal for building asynchronous web services in Python. Versions of Starlette before 0.40.0 contain a security vulnerability that stems from not targeting users...

8.7 CVSS, 8 AI score, 0.00125 EPSS
Exploits 0, References 4
SUSE CVE
added 2023/06/06 2:15 a.m., 3 views

SUSE CVE-2023-30798

MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7 AI score, 0.0196 EPSS
Exploits 0, References 3
SUSE CVE
added 2023/06/02 2:29 a.m., 1 views

SUSE CVE-2023-29159

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...

7.5 CVSS, 7.7 AI score, 0.01591 EPSS
Exploits 1, References 3
OSV
added 2023/04/21 4:15 p.m., 1 views

UBUNTU-CVE-2023-30798

MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7.1 AI score, 0.0196 EPSS
Exploits 0, References 5
PyPA
added 2023/04/21 4:15 p.m., 3 views

PYSEC-2023-48

MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7 AI score, 0.0196 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2023/04/21 3:27 p.m., 16 views

CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework

MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7.7 AI score, 0.0196 EPSS
Exploits 0, References 3
Vulnrichment
added 2023/04/21 3:27 p.m., 9 views

CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework

MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7.5 AI score, 0.0196 EPSS
Exploits 0, References 3