Lucene search

Veracode Vulnerability DatabaseVERACODE:46789

HistoryMay 07, 2024 - 1:35 p.m.

Local File Inclusion (LFI)

2024-05-0713:35:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

lfi

path traversal

information disclosure

server compromise

static files

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Litestar and Starlite are vulnerable to a Local File Inclusion (LFI). The vulnerability is due to path traversal flaws within static_files/base.py, allowing attackers to access sensitive files outside designated directories, potentially leading to information disclosure or server compromise.

CPENameOperatorVersion
starlitele1.51.15
starlitele2.0.0a2
litestarle2.7.1
litestarle2.8.2
litestarle2.6.3
starlitele1.51.15
starlitele2.0.0a2
litestarle2.7.1
litestarle2.8.2
litestarle2.6.3

Name	Operator	Version
starlite	le	1.51.15
starlite	le	2.0.0a2
litestar	le	2.7.1
litestar	le	2.8.2
litestar	le	2.6.3
starlite	le	1.51.15
starlite	le	2.0.0a2
litestar	le	2.7.1
litestar	le	2.8.2
litestar	le	2.6.3

References

github.com/advisories/GHSA-83pv-qr33-2vcf

github.com/litestar-org/litestar/blob/main/litestar/static_files/base.py#L70

github.com/litestar-org/litestar/commit/57e706e7effdc182fc9a2af5981bc88afb21851b

github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46789