Debian dsa-6302 : python3-starlette - security update
The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6302 advisory. Debian Security Advisory DSA-6302-1...
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2025-62727, CVE-2025-58754)
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID: CVE-2025-62727 DESCRIPTION: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727.
Summary IBM Maximo Application Suite - Visual Inspection Component uses a Starlette dependency which is vulnerable to CVE-2025-62727. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-62727 DESCRIPTION: Starlette is a lightweigh...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2025-54121]
Summary Python module starlette is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF007
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF007 addresses the following vulnerabilities. Vulnerability Details CVEID: CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway...
Linux Distros Unpatched Vulnerability : CVE-2025-62727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP...
CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
aa-rag (>=0.4.2 <=0.4.3), ab-auth-client-service (>=0.1.3 <=0.3.5) +1579 more potentially affected by CVE-2025-62727 via starlette (>=0.39.2 <=0.49.0)
starlette PYPI version =0.39.2, =0.4.2, =0.1.3, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.2.1, =0.1.0, =0.1.1, =0.1.1, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2025-62727 Source advisory: OSV:GHSA-7F5H-V6XP-FCQ8...
EUVD-2024-3029
Malicious code in bioql PyPI...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.2. Vulnerability Details CVEID: CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versio...
Denial Of Service (DoS)
Starlette is vulnerable to Denial of Service (DoS). The vulnerability is due to blocking of the main event thread caused by improper handling of large multipart file uploads, where a bug in the UploadFile logic fails to anticipate memory rollover, blocking the application from accepting new...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4109 more potentially affected by CVE-2025-54121 via starlette (>=0.10.1 <=0.47.1)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2025-54121 Source advisory: SNYK:PYTHON-STARLETTE-10874054...
CVE-2025-54121
CVE-2025-54121 affects Starlette (Python, ASGI). In versions 0.47.1 and older, multipart form parsing of large files can cause the main event loop to stall while rolling the file to disk, because UploadFile incorrectly checks file-in-memory status and whether additional bytes trigger a rollover. ...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4091 more potentially affected by CVE-2025-54121 via starlette (>=0.10.1 <=0.47.1)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2025-54121 Source advisory: OSV:GHSA-2C2J-9GV5-CJ73...
Starlette security vulnerability
Starlette is a lightweight ASGI framework/toolkit open-sourced by Encode. It is ideal for building asynchronous web services in Python. A security vulnerability exists in Starlette 0.47.1 and earlier versions, which stems from improper handling of multipart forms and could lead to a denial of...
Open WebUI has vulnerable dependency on starlette via fastapi
In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions =0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory...
Danswer resource management error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version 0.9.0, which stems from the use of a vulnerable version of the starlette package and could lead t...
Denial Of Service (DoS)
Starlette is vulnerable to Denial of Service (DoS). The vulnerability is due to the way Starlette handles multipart/form-data parts without a filename. Specifically, these parts are treated as text form fields and buffered in byte strings without any size limits, allowing for arbitrarily large upload...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +3124 more potentially affected by CVE-2024-47874 via starlette (>=0.10.1 <=0.39.2)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2024-47874 Source advisory: OSV:GHSA-F96H-PMFR-66VW...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +3129 more potentially affected by CVE-2024-47874 via starlette (>=0.10.1 <=0.39.2)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2024-47874 Source advisory: SNYK:PYTHON-STARLETTE-8186175...