Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/starlite@1.40.0
Type pypi
Namespace
Name starlite
Version 1.40.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.0a1
Latest_non_vulnerable_version 2.0.0a1
Affected_by_vulnerabilities
0
url VCID-ebdk-x88t-sfhd
vulnerability_id VCID-ebdk-x88t-sfhd
summary Litestar and Starlite are Asynchronous Server Gateway Interface (ASGI) frameworks. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of Litestar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32982
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.53563
published_at 2026-06-13T12:55:00Z
1
value 0.00297
scoring_system epss
scoring_elements 0.5355
published_at 2026-06-14T12:55:00Z
2
value 0.00297
scoring_system epss
scoring_elements 0.53548
published_at 2026-06-12T12:55:00Z
3
value 0.00297
scoring_system epss
scoring_elements 0.53422
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32982
1
reference_url https://github.com/litestar-org/litestar
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/litestar-org/litestar
2
reference_url https://github.com/litestar-org/litestar/commit/a07b79b84d8717bec5ac4d4674c1e4920ba9c813
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/litestar-org/litestar/commit/a07b79b84d8717bec5ac4d4674c1e4920ba9c813
3
reference_url https://github.com/litestar-org/litestar/commit/57e706e7effdc182fc9a2af5981bc88afb21851b
reference_id 57e706e7effdc182fc9a2af5981bc88afb21851b
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-03T14:26:20Z/
url https://github.com/litestar-org/litestar/commit/57e706e7effdc182fc9a2af5981bc88afb21851b
4
reference_url https://github.com/litestar-org/litestar/blob/main/litestar/static_files/base.py#L70
reference_id base.py#L70
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-03T14:26:20Z/
url https://github.com/litestar-org/litestar/blob/main/litestar/static_files/base.py#L70
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32982
reference_id CVE-2024-32982
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32982
6
reference_url https://github.com/advisories/GHSA-83pv-qr33-2vcf
reference_id GHSA-83pv-qr33-2vcf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83pv-qr33-2vcf
7
reference_url https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf
reference_id GHSA-83pv-qr33-2vcf
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-03T14:26:20Z/
url https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf
fixed_packages
0
url pkg:pypi/starlite@1.51.15
purl pkg:pypi/starlite@1.51.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g64v-ymrn-1yfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlite@1.51.15
1
url pkg:pypi/starlite@1.51.16
purl pkg:pypi/starlite@1.51.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g64v-ymrn-1yfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlite@1.51.16
aliases CVE-2024-32982, GHSA-83pv-qr33-2vcf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebdk-x88t-sfhd
1
url VCID-g64v-ymrn-1yfk
vulnerability_id VCID-g64v-ymrn-1yfk
summary Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to upload arbitrarily large files wrapped in a `multipart/form-data` request and cause excessive memory consumption on the server. The multipart form parser in affected versions is vulnerable to this type of attack by design. The public method signature as well as its implementation both expect the entire request body to be available as a single byte string. It is not possible to accept large file uploads in a safe way using this parser. This may be a regression, as a variation of this issue was already reported in CVE-2023-25578. Limiting the part number is not sufficient to prevent out-of-memory errors on the server. A patch is available in version 2.13.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52581
reference_id
reference_type
scores
0
value 0.00445
scoring_system epss
scoring_elements 0.63984
published_at 2026-06-13T12:55:00Z
1
value 0.00445
scoring_system epss
scoring_elements 0.63981
published_at 2026-06-14T12:55:00Z
2
value 0.00445
scoring_system epss
scoring_elements 0.63969
published_at 2026-06-12T12:55:00Z
3
value 0.00445
scoring_system epss
scoring_elements 0.63867
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52581
1
reference_url https://github.com/advisories/GHSA-gjcc-jvgw-wvwj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjcc-jvgw-wvwj
2
reference_url https://github.com/litestar-org/litestar
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/litestar-org/litestar
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/litestar/PYSEC-2024-178.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/litestar/PYSEC-2024-178.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52581
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52581
5
reference_url https://github.com/litestar-org/litestar/commit/53c1473b5ff7502816a9a339ffc90731bb0c2138
reference_id 53c1473b5ff7502816a9a339ffc90731bb0c2138
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T14:05:15Z/
url https://github.com/litestar-org/litestar/commit/53c1473b5ff7502816a9a339ffc90731bb0c2138
6
reference_url https://github.com/litestar-org/litestar/security/advisories/GHSA-gjcc-jvgw-wvwj
reference_id GHSA-gjcc-jvgw-wvwj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T14:05:15Z/
url https://github.com/litestar-org/litestar/security/advisories/GHSA-gjcc-jvgw-wvwj
7
reference_url https://github.com/litestar-org/litestar/security/advisories/GHSA-p24m-863f-fm6q
reference_id GHSA-p24m-863f-fm6q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T14:05:15Z/
url https://github.com/litestar-org/litestar/security/advisories/GHSA-p24m-863f-fm6q
8
reference_url https://github.com/litestar-org/litestar/blob/main/litestar/_multipart.py#L97
reference_id _multipart.py#L97
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T14:05:15Z/
url https://github.com/litestar-org/litestar/blob/main/litestar/_multipart.py#L97
fixed_packages
0
url pkg:pypi/starlite@2.0.0a1
purl pkg:pypi/starlite@2.0.0a1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlite@2.0.0a1
aliases CVE-2024-52581, GHSA-gjcc-jvgw-wvwj, PYSEC-2024-178
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g64v-ymrn-1yfk
2
url VCID-geae-qaf3-5uhq
vulnerability_id VCID-geae-qaf3-5uhq
summary Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25578
reference_id
reference_type
scores
0
value 0.01275
scoring_system epss
scoring_elements 0.80032
published_at 2026-06-14T12:55:00Z
1
value 0.01275
scoring_system epss
scoring_elements 0.79959
published_at 2026-06-11T12:55:00Z
2
value 0.01275
scoring_system epss
scoring_elements 0.8004
published_at 2026-06-13T12:55:00Z
3
value 0.01275
scoring_system epss
scoring_elements 0.80022
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25578
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlite/PYSEC-2023-49.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/starlite/PYSEC-2023-49.yaml
2
reference_url https://github.com/starlite-api/starlite
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starlite-api/starlite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25578
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25578
4
reference_url https://github.com/starlite-api/starlite/commit/9674fe803628f986c03fe60769048cbc55b5bf83
reference_id 9674fe803628f986c03fe60769048cbc55b5bf83
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:52Z/
url https://github.com/starlite-api/starlite/commit/9674fe803628f986c03fe60769048cbc55b5bf83
5
reference_url https://github.com/advisories/GHSA-p24m-863f-fm6q
reference_id GHSA-p24m-863f-fm6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p24m-863f-fm6q
6
reference_url https://github.com/starlite-api/starlite/security/advisories/GHSA-p24m-863f-fm6q
reference_id GHSA-p24m-863f-fm6q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:52Z/
url https://github.com/starlite-api/starlite/security/advisories/GHSA-p24m-863f-fm6q
7
reference_url https://github.com/starlite-api/starlite/releases/tag/v1.51.2
reference_id v1.51.2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:52Z/
url https://github.com/starlite-api/starlite/releases/tag/v1.51.2
fixed_packages
0
url pkg:pypi/starlite@1.51.2
purl pkg:pypi/starlite@1.51.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ebdk-x88t-sfhd
1
vulnerability VCID-g64v-ymrn-1yfk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlite@1.51.2
aliases CVE-2023-25578, GHSA-p24m-863f-fm6q, PYSEC-2023-49
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-geae-qaf3-5uhq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlite@1.40.0