Debian Starlette vulnerabilities

5 known vulnerabilities affecting debian/starlette.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2025-62727HIGHCVSS 7.5fixed in starlette 0.50.0-1 (forky)2025

CVE-2025-62727 [HIGH] CVE-2025-62727: starlette - Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 an... Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (

CVE-2025-54121MEDIUMCVSS 5.3fixed in starlette 0.46.1-3 (forky)2025

CVE-2025-54121 [MEDIUM] CVE-2025-54121: starlette - Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framewor... Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread whic

CVE-2024-47874HIGHCVSS 8.7fixed in starlette 0.41.0-1 (forky)2024

CVE-2024-47874 [HIGH] CVE-2024-47874: starlette - Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. ... Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to

CVE-2023-30798HIGHCVSS 7.5fixed in starlette 0.25.0-1 (bookworm)2023

CVE-2023-30798 [HIGH] CVE-2023-30798: starlette - There MultipartParser usage in Encode's Starlette python framework before versio... There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. Scope: local bookworm: resolved (fixed in 0.25.0-1) bullseye: open forky: resolved (fixed in

CVE-2023-29159HIGHCVSS 7.5fixed in starlette 0.28.0-1 (forky)2023

CVE-2023-29159 [HIGH] CVE-2023-29159: starlette - Directory traversal vulnerability in Starlette versions 0.13.5 and later and pri... Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 0.28.0-1) sid: resolved (fixed in 0.28.0-1) trixie: resolved (fixed in 0.28.0-1)