
2 vulnerabilities found for Starlette by Encode

jvndb-2023-000056
Vulnerability from jvndb
Published
2023-05-30 13:34
Modified
2024-03-19 18:08
Severity: CVSS v3.0 3.7 (Low) — CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N; CVSS v2.0 4.3 (Medium) — AV:N/AC:M/Au:N/C:P/I:N/A:N
Summary
Starlette vulnerable to directory traversal
Details
Starlette provided by Encode contains a directory traversal vulnerability (CWE-22), tracked as CVE-2023-29159 / JVN#95981715. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Note that this JVN record does not list affected or fixed versions (the CPE entry's "2.2" is the CPE format version, not a Starlette version); check the linked CVE/NVD references for the affected version range before deciding whether an upgrade is needed.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000056.html",
  "dc:date": "2024-03-19T18:08+09:00",
  "dcterms:issued": "2023-05-30T13:34+09:00",
  "dcterms:modified": "2024-03-19T18:08+09:00",
  "description": "Starlette provided by Encode contains a directory traversal vulnerability (CWE-22).\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000056.html",
  "sec:cpe": {
    "#text": "cpe:/a:encode:starlette",
    "@product": "Starlette",
    "@vendor": "Encode",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.7",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000056",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN95981715/index.html",
      "@id": "JVN#95981715",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-29159",
      "@id": "CVE-2023-29159",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-29159",
      "@id": "CVE-2023-29159",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Starlette vulnerable to directory traversal"
}

CVE-2023-30798 (GCVE-0-2023-30798)
Vulnerability from cvelistv5
Published
2023-04-21 15:27
Modified
2025-11-21 16:11
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Summary
The MultipartParser in Encode's Starlette Python framework, in versions before 0.25.0, allows an unauthenticated remote attacker to submit an unbounded number of form fields or files, causing excessive memory usage and denial of service of the HTTP service (CWE-400). The affected range is all versions below 0.25.0; the fix is the linked vendor advisory (GHSA-74m5-2c7w-9w3x) and patch commit, so upgrading to 0.25.0 or later resolves it. Because the parser is reachable by any client that can send multipart bodies, applications exposing form or file-upload endpoints should also enforce request-size limits at the reverse proxy as defence in depth.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vulncheck.com/advisories/starlette-multipartparser-dos"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T20:30:33.208418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T20:30:40.688Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org/project/starlette/",
          "defaultStatus": "unaffected",
          "packageName": "starlette",
          "platforms": [
            "all"
          ],
          "product": "Starlette",
          "repo": "https://github.com/encode/starlette",
          "vendor": "Encode",
          "versions": [
            {
              "lessThan": "0.25.0",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*",
                  "versionEndExcluding": "0.25.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2023-04-20T13:17:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There MultipartParser usage in Encode\u0027s Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service."
            }
          ],
          "value": "There MultipartParser usage in Encode\u0027s Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469 HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T16:11:35.735Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/starlette-multipartparser-dos"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "MultipartParser DOS with too many fields or files in Starlette Framework",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-30798",
    "datePublished": "2023-04-21T15:27:47.358Z",
    "dateReserved": "2023-04-18T10:31:45.962Z",
    "dateUpdated": "2025-11-21T16:11:35.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}