CVE-2025-54365

Опубликовано: 23 июл. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a

Ссылки

https://github.com/rennf93/fastapi-guard/commit/0829292c322d33dc14ab00c5451c5c138148035a
Patch
https://github.com/rennf93/fastapi-guard/commit/d9d50e8130b7b434cdc1b001b8cfd03a06729f7f
Patch
https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g
Exploit
Vendor Advisory
https://github.com/rennf93/fastapi-guard/security/advisories/GHSA-rrf6-pxg8-684g
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fastapi-guard:fastapi_guard:3.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.0013

Низкий

7.5 High

CVSS3

Дефекты

CWE-20

CWE-1333

Связанные уязвимости

GHSA-rrf6-pxg8-684g

github

7 месяцев назад

FastAPI Guard has a regex bypass