Encode
Products
4- Starlette4 CVEspypi
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48710 | Med | 0.35 | 6.5 | 0.01 | May 26, 2026 | Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host`… | ||
| CVE-2024-21520 | Med | 0.33 | 6.1 | 0.01 | Jun 26, 2024 | Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags. | ||
| CVE-2024-24762 | 0.00 | — | 0.02 | Feb 5, 2024 | `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the… | |||
| CVE-2023-29159 | 0.00 | — | 0.02 | Jun 1, 2023 | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. | |||
| CVE-2023-30798 | 0.00 | — | 0.01 | Apr 21, 2023 | There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. |
- risk 0.35cvss 6.5epss 0.01
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host`…
- risk 0.33cvss 6.1epss 0.01
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags.
- CVE-2024-24762Feb 5, 2024risk 0.00cvss —epss 0.02
`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the…
- CVE-2023-29159Jun 1, 2023risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
- CVE-2023-30798Apr 21, 2023risk 0.00cvss —epss 0.01
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.