Vulnerability Details CVE-2023-29159
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/encode/starlette/releases/tag/0.27.0
- https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
- https://jvn.jp/en/jp/JVN95981715/
- https://github.com/encode/starlette/releases/tag/0.27.0
- https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
- https://jvn.jp/en/jp/JVN95981715/
Products affected by CVE-2023-29159
-
cpe:2.3:a:encode:starlette:0.13.5
-
cpe:2.3:a:encode:starlette:0.13.6
-
cpe:2.3:a:encode:starlette:0.13.7
-
cpe:2.3:a:encode:starlette:0.13.8
-
cpe:2.3:a:encode:starlette:0.14.0
-
cpe:2.3:a:encode:starlette:0.14.1
-
cpe:2.3:a:encode:starlette:0.14.2
-
cpe:2.3:a:encode:starlette:0.15.0
-
cpe:2.3:a:encode:starlette:0.16.0
-
cpe:2.3:a:encode:starlette:0.17.0
-
cpe:2.3:a:encode:starlette:0.17.1
-
cpe:2.3:a:encode:starlette:0.18.0
-
cpe:2.3:a:encode:starlette:0.19.0
-
cpe:2.3:a:encode:starlette:0.19.1
-
cpe:2.3:a:encode:starlette:0.20.0
-
cpe:2.3:a:encode:starlette:0.20.1
-
cpe:2.3:a:encode:starlette:0.20.2
-
cpe:2.3:a:encode:starlette:0.20.3
-
cpe:2.3:a:encode:starlette:0.20.4
-
cpe:2.3:a:encode:starlette:0.21.0
-
cpe:2.3:a:encode:starlette:0.22.0
-
cpe:2.3:a:encode:starlette:0.23.0
-
cpe:2.3:a:encode:starlette:0.23.1
-
cpe:2.3:a:encode:starlette:0.24.0
-
cpe:2.3:a:encode:starlette:0.25.0
-
cpe:2.3:a:encode:starlette:0.26.0
-
cpe:2.3:a:encode:starlette:0.26.1