Description
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
starlette | fixed | 0.28.0-1 | | package |
starlette | no-dsa | | bookworm | package |
starlette | no-dsa | | bullseye | package |
Notes
https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3 (0.27.0)
Related vulnerabilities
Starlette has Path Traversal vulnerability in StaticFiles
A vulnerability in the Starlette toolkit for building asynchronous web services in Python, related to improper limitation of a pathname to a restricted directory, which allows an attacker to gain access to confidential information