CVE-2023-29159

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29159

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29159.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-29159

Aliases

Related

Published

2023-06-01T02:15:09Z

Modified

2025-07-01T14:48:00.274564Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

References

Affected packages

Debian:11 / starlette

Package

Name: starlette
Purl: pkg:deb/debian/starlette?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.14.1-1

0.16.0-1

0.18.0-1

0.20.4-1

0.23.1-1

0.24.0-1

0.25.0-1

0.25.0-2

0.26.1-1

0.28.0-1

0.30.0-1

0.31.1-1

0.37.2-1

0.38.2-1

0.39.1-1

0.39.2-1

0.41.0-1

0.41.2-1

0.41.3-1

0.41.3-2

0.46.1-1

0.46.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / starlette

Package

Name: starlette
Purl: pkg:deb/debian/starlette?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.26.1-1

0.28.0-1

0.30.0-1

0.31.1-1

0.37.2-1

0.38.2-1

0.39.1-1

0.39.2-1

0.41.0-1

0.41.2-1

0.41.3-1

0.41.3-2

0.46.1-1

0.46.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / starlette

Package

Name: starlette
Purl: pkg:deb/debian/starlette?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.28.0-1

Affected versions

0.*

0.26.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/encode/starlette

Affected ranges

Type: GIT
Repo: https://github.com/encode/starlette
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0c4b68ac4e179a788e38bac28f299dcad0f36e99

Affected versions

0.*

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.17

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.10.0

0.10.1

0.10.4

0.11.1

0.11.2

0.11.3

0.11.4

0.12.0

0.12.0.b1

0.12.0.b2

0.12.0.b3

0.12.11

0.12.12

0.12.13

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.12.7

0.12.8

0.12.9

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.13.7

0.13.8

0.14.0

0.14.1

0.14.2

0.15.0

0.16.0

0.17.0

0.17.1

0.18.0

0.19.0

0.19.1

0.2.0

0.2.1

0.2.2

0.2.3

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.21.0

0.22.0

0.23.0

0.23.1

0.24.0

0.25.0

0.26.0

0.26.0.post1

0.26.1

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.4.0

0.4.1

0.4.2

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.9.0

0.9.1

0.9.10

0.9.11

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9