PYSEC-2023-83

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/starlette/PYSEC-2023-83.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-83

Aliases

CVE-2023-29159
GHSA-v5gw-mw7f-84px

Published

2023-06-01T02:15:00Z

Modified

2023-11-01T05:01:47.325139Z

Summary

[none]

Details

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

References

https://github.com/encode/starlette/releases/tag/0.27.0
https://jvn.jp/en/jp/JVN95981715/
https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px

Affected packages

PyPI / starlette

Package

Name: starlette; View open source insights on deps.dev
Purl: pkg:pypi/starlette

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.13.5

Fixed

0.27.0

Affected versions

0.*

0.13.5

0.13.6

0.13.7

0.13.8

0.14.0

0.14.1

0.14.2

0.15.0

0.16.0

0.17.0

0.17.1

0.18.0

0.19.0

0.19.1

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.21.0

0.22.0

0.23.0

0.23.1

0.24.0

0.25.0

0.26.0

0.26.0.post1

0.26.1