starlite@1.49.0 vulnerabilities

Performant, light and flexible ASGI API Framework

latest version

1.51.16
latest non vulnerable version

2.0.0a2
first published

3 years ago
latest version published

7 months ago
licenses detected
- MIT
  [0,)
View starlite package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the starlite package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Path Traversal starlite is a Light-weight and flexible ASGI API Framework Affected versions of this package are vulnerable to Path Traversal through the static content serving function. An attacker can gain unauthorized access to sensitive files outside the designated directories by exploiting path traversal flaws in the file path handling mechanism. Notes: From versions 0.X.X through 1.X.X, the package was released under the name "starlite." Starting with version 2.0.0 and for all subsequent versions, the package has been rebranded and released under the name "litestar." How to fix Path Traversal? Upgrade `starlite` to version 1.51.16 or higher.	[1.37.0,1.51.16)
H Allocation of Resources Without Limits or Throttling starlite is a Light-weight and flexible ASGI API Framework Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. Exploiting this vulnerability is possible by sending many concurrent multipart requests in a loop, and might result in blocking all available worker processes and significantly delay or slow down the processing of legitimate user requests. Note: This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `starlite` to version 1.51.2 or higher.	[,1.51.2)

Path Traversal

starlite is a Light-weight and flexible ASGI API Framework

Affected versions of this package are vulnerable to Path Traversal through the static content serving function. An attacker can gain unauthorized access to sensitive files outside the designated directories by exploiting path traversal flaws in the file path handling mechanism.

Notes:

From versions 0.X.X through 1.X.X, the package was released under the name "starlite."
Starting with version 2.0.0 and for all subsequent versions, the package has been rebranded and released under the name "litestar."

How to fix Path Traversal?

Upgrade starlite to version 1.51.16 or higher.

[1.37.0,1.51.16)

Allocation of Resources Without Limits or Throttling

starlite is a Light-weight and flexible ASGI API Framework

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when the multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. Exploiting this vulnerability is possible by sending many concurrent multipart requests in a loop, and might result in blocking all available worker processes and significantly delay or slow down the processing of legitimate user requests.

Note: This vulnerability affects applications with a request handler that accepts a Body(media_type=RequestEncodingType.MULTI_PART).

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade starlite to version 1.51.2 or higher.

[,1.51.2)

Go back to all versions of this package

starlite@1.49.0 vulnerabilities

Performant, light and flexible ASGI API Framework

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities