VYPR

rpm package

opensuse/python-starlette&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/python-starlette&distro=openSUSE%20Leap%2016.0

Vulnerabilities (3)

  • CVE-2026-48710 | Medium | May 26, 2026
    affected < 0.41.3-160000.3.1 | fixed 0.41.3-160000.3.1

    Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` hea

  • CVE-2025-62727 | High | Oct 28, 2025
    affected < 0.41.3-160000.3.1 | fixed 0.41.3-160000.3.1

    Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enabl

  • CVE-2025-54121 | Medium | Jul 21, 2025
    affected < 0.41.3-160000.3.1 | fixed 0.41.3-160000.3.1

    Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will bl