Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/starlette@0.26.0.post1
Typepypi
Namespace
Namestarlette
Version0.26.0.post1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.1
Latest_non_vulnerable_version1.0.1
Affected_by_vulnerabilities
0
url VCID-2c5q-buqw-u7ex
vulnerability_id VCID-2c5q-buqw-u7ex
summary 
BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
Starlette reconstructs the requested URL based on the HTTP Host request header and requested path, but does not perform any validation of the Host header value. This allows attackers to inject paths into the host part, prepending the actual path. However, routing in Starlette is based on the actual request path. This inconsistent interpretation of HTTP requests may lead to issues such as authentication bypass when the authentication depends on the reconstructed URL’s path.
references
0
reference_url https://badhost.org
reference_id
reference_type
scores
url https://badhost.org
1
reference_url https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
reference_id
reference_type
scores
url https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
2
reference_url https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
reference_id
reference_type
scores
url https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
3
reference_url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
reference_id
reference_type
scores
url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
4
reference_url https://www.secwest.net/starlette
reference_id
reference_type
scores
url https://www.secwest.net/starlette
5
reference_url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette/
reference_id
reference_type
scores
url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette/
fixed_packages
0
url pkg:pypi/starlette@1.0.1
purl pkg:pypi/starlette@1.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@1.0.1
aliases CVE-2026-48710, GHSA-86qp-5c8j-p5mr, PYSEC-2026-161, X41-2026-002
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c5q-buqw-u7ex
1
url VCID-vgxy-kjyx-bqfm
vulnerability_id VCID-vgxy-kjyx-bqfm
summary Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
references
0
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
url https://github.com/encode/starlette
1
reference_url https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174
reference_id
reference_type
scores
url https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174
2
reference_url https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3
reference_id
reference_type
scores
url https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3
3
reference_url https://github.com/encode/starlette/releases/tag/0.27.0
reference_id
reference_type
scores
url https://github.com/encode/starlette/releases/tag/0.27.0
4
reference_url https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
reference_id
reference_type
scores
url https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml
6
reference_url https://jvn.jp/en/jp/JVN95981715
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN95981715
7
reference_url https://jvn.jp/en/jp/JVN95981715/
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN95981715/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29159
reference_id CVE-2023-29159
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-29159
9
reference_url https://github.com/advisories/GHSA-v5gw-mw7f-84px
reference_id GHSA-v5gw-mw7f-84px
reference_type
scores
url https://github.com/advisories/GHSA-v5gw-mw7f-84px
fixed_packages
0
url pkg:pypi/starlette@0.27.0
purl pkg:pypi/starlette@0.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5q-buqw-u7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.27.0
aliases CVE-2023-29159, GHSA-v5gw-mw7f-84px, GMS-2023-1556, PYSEC-2023-83
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgxy-kjyx-bqfm
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.26.0.post1