VYPR

PyPI package

litestar

pkg:pypi/litestar

Vulnerabilities (7)

  • CVE-2026-25480 (Feb 9, 2026)
    affected >= 2.19.0, < 2.20.0; fixed 2.20.0

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an

  • CVE-2026-25479 (Feb 9, 2026)
    affected >= 2.19.0, < 2.20.0; fixed 2.20.0

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). Th

  • CVE-2026-25478 (Feb 9, 2026)
    affected >= 2.19.0, < 2.20.0; fixed 2.20.0

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicio

  • CVE-2025-59152 (High, Oct 6, 2025)
    affected >= 2.17.0, < 2.18.0; fixed 2.18.0

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In version 2.17.0, rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting ineffective against determined attackers. Litestar's RateLimitMiddlewar

  • CVE-2024-52581 (Nov 20, 2024)
    affected < 2.13.0; fixed 2.13.0

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allow

  • CVE-2024-42370 (High, Aug 12, 2024)
    affected <= 2.10.0

    Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malic

  • CVE-2024-32982 (High, May 6, 2024)
    affected >= 2.8.0, < 2.8.3; fixed 2.8.3

    Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit pa