starlite@1.51.3 vulnerabilities

Performant, light and flexible ASGI API Framework

Direct Vulnerabilities

Known vulnerabilities in the starlite package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Path Traversal

starlite is a Light-weight and flexible ASGI API Framework

Affected versions of this package are vulnerable to Path Traversal through the static content serving function. An attacker can gain unauthorized access to sensitive files outside the designated directories by exploiting path traversal flaws in the file path handling mechanism.

Notes:

  1. From versions 0.X.X through 1.X.X, the package was released under the name "starlite."

  2. Starting with version 2.0.0 and for all subsequent versions, the package has been rebranded and released under the name "litestar."

How to fix Path Traversal?

Upgrade starlite to version 1.51.16 or higher.

[1.37.0,1.51.16)