starlite@0.1.6 vulnerabilities
Performant, light and flexible ASGI API Framework
latest version
1.51.16
latest non vulnerable version
first published
3 years ago
latest version published
9 months ago
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the starlite package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
starlite is a Light-weight and flexible ASGI API Framework Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. Exploiting this vulnerability is possible by sending many concurrent multipart requests in a loop, and might result in blocking all available worker processes and significantly delay or slow down the processing of legitimate user requests. Note:
This vulnerability affects applications with a request handler that accepts a How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,1.51.2) |
starlite is a Light-weight and flexible ASGI API Framework Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing How to fix Cross-site Request Forgery (CSRF)? Upgrade | [,1.28.0) |