Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
EncodeStarlette*

4 matches found

CVE
CVEadded 2024/10/15 4:15 p.m.221 views

CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fie...

8.7CVSS7AI score0.00075EPSS
CVE
CVEadded 2023/06/01 2:15 a.m.148 views

CVE-2023-29159

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

7.5CVSS7.3AI score0.01332EPSS
CVE
CVEadded 2023/04/21 4:15 p.m.51 views

CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

7.5CVSS7.4AI score0.00726EPSS
CVE
CVEadded 6 days ago9 views

CVE-2025-54121

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread...

5.3CVSS6.6AI score0.00045EPSS