—

PYSEC-2023-83

Details

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / starlette

Introduced in: 0.13.5 Fixed in: 0.27.0

Fix pip install --upgrade 'starlette>=0.27.0'

References

https://github.com/encode/starlette/releases/tag/0.27.0 [WEB]
https://jvn.jp/en/jp/JVN95981715/ [WEB]
https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px [ADVISORY]