CVE-2025-54365

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54365

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54365.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-54365

Aliases

GHSA-rrf6-pxg8-684g

Related

GHSA-rrf6-pxg8-684g

Published

2025-07-23T23:15:24Z

Modified

2025-07-25T16:47:47.546767Z

Summary

[none]

Details

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.

References

Affected packages

Git / github.com/rennf93/fastapi-guard

Affected ranges

Type: GIT
Repo: https://github.com/rennf93/fastapi-guard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0829292c322d33dc14ab00c5451c5c138148035a

Fixed

d9d50e8130b7b434cdc1b001b8cfd03a06729f7f

Affected versions

0.*

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.4.0

1.*

1.0.0

1.1.0

1.2.0

1.2.1

1.2.2

1.3.2

1.4.0

1.5.0

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.1.2

2.1.3

3.*

3.0.0

3.0.1

v0.*

v0.1.0