3 matches found
CVE-2023-29159
CVE-2023-29159 covers a directory traversal vulnerability in Starlette. Starlette versions 0.13.5 and later, prior to 0.27.0, are affected: improper validation of requests to StaticFiles can allow a remote, unauthenticated attacker to view arbitrary files in a Starlette-based web service....
CVE-2026-48710
Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...
CVE-2023-30798
CVE-2023-30798 affects Starlette’s multipart handling via the python-multipart MultipartParser prior to 0.25.0. An unauthenticated remote attacker can exploit unlimited form fields/parts to trigger high memory usage and a denial-of-service of the HTTP service. Public documents confirm Encode Star...