starlette is vulnerable to Path Traversal. A remote attacker is able to gain access to sensitive files when the file or directory is exposed via StaticFiles. The vulnerability is exploitable if the file or directory starts with the same name as the StaticFiles directory.
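The "starts with the same name" condition is what a character-wise prefix comparison of paths produces. The following added example (not Starlette's code; the function names, directory names and files are constructed for illustration) contrasts such a check with a component-wise one over a temporary directory layout.

```python
import os
import tempfile


def inside_by_prefix(directory: str, full_path: str) -> bool:
    """Flawed check: commonprefix compares strings character by character."""
    return os.path.commonprefix([full_path, directory]) == directory


def inside_by_component(directory: str, full_path: str) -> bool:
    """Hardened check: commonpath compares whole path components."""
    try:
        return os.path.commonpath([full_path, directory]) == directory
    except ValueError:  # e.g. paths on different Windows drives
        return False


def lookup(directory: str, requested: str, check) -> bool:
    """Return True if `requested` would be served from `directory` under `check`."""
    directory = os.path.realpath(directory)
    full_path = os.path.realpath(os.path.join(directory, requested))
    return check(directory, full_path) and os.path.isfile(full_path)


def demo() -> dict:
    """Run both checks over a constructed directory layout."""
    requests = ["app.css", "../static_private/settings.env", "../other/notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: the served directory, a sibling whose name
        # starts with the same characters, and an unrelated sibling.
        for rel in ("static/app.css", "static_private/settings.env", "other/notes.txt"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        static = os.path.join(root, "static")
        return {
            name: {req: lookup(static, req, check) for req in requests}
            for name, check in (("prefix", inside_by_prefix),
                                ("component", inside_by_component))
        }


if __name__ == "__main__":
    for name, results in demo().items():
        for req, served in results.items():
            print(f"{name:9} {req:32} served={served}")
```

Only the sibling whose name begins with the served directory's name passes the prefix check; the unrelated sibling is rejected by both, which matches the condition stated in the advisory.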
github.com/advisories/GHSA-v5gw-mw7f-84px
github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172
github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3
github.com/encode/starlette/releases/tag/0.27.0
github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
jvn.jp/en/jp/JVN95981715/
jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000056.html