Litestar

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 0.01%
  • Published 09.02.2026 18:49:34
  • Last modified 17.02.2026 15:12:34

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used...

Exploit
  • EPSS 0.01%
  • Published 09.02.2026 18:48:19
  • Last modified 17.02.2026 15:14:04

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g....

Exploit
  • EPSS 0.01%
  • Published 09.02.2026 18:46:56
  • Last modified 17.02.2026 15:15:29

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharact...

  • EPSS 0.07%
  • Published 06.10.2025 15:23:12
  • Last modified 08.10.2025 19:38:32

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In version 2.17.0, rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting ineffective against determined attackers....

Exploit
  • EPSS 0.45%
  • Published 20.11.2024 21:15:08
  • Last modified 25.11.2024 14:15:07

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size o...