starlette-0.13.2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.5) #39
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
|
Nice, one of tasks is done |
|
Nice to meet you, @mend-bolt-for-github[bot]. Thank you for creating an issue. There are some tasks for you:
To close issue send comment "close", to reopen - "reopen" |
Micro-Learning Topic: Directory traversal (Detected by phrase)Matched on "directory traversal"Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality). Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Path traversal (Detected by phrase)Matched on "Path Traversal"Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality). Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Vulnerable library (Detected by phrase)Matched on "Vulnerable Library"Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process. Try a challenge in Secure Code Warrior |
|
Thanks for issue, @mend-bolt-for-github[bot]! @AdamOswald, thank you for closing this issue, I have less work. I will look forward to our next meeting😜
|
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/37/2e/f56602beda25b376bbaaeadb626cf212b673457075ffed0dd12969ad6014/starlette-0.13.2-py3-none-any.whl
Path to dependency file: /module/sprites-as-a-service-0.5.0/backend/requirements.txt
Path to vulnerable library: /module/sprites-as-a-service-0.5.0/backend/requirements.txt,/module/sprites-as-a-service-0.5.0/backend/requirements.txt,/module/runx-0.0.5
Found in HEAD commit: 1def381581db59d139b24ef0a32eed6f8e3b2af8
Vulnerabilities
Details
Vulnerable Library - starlette-0.13.2-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/37/2e/f56602beda25b376bbaaeadb626cf212b673457075ffed0dd12969ad6014/starlette-0.13.2-py3-none-any.whl
Path to dependency file: /module/sprites-as-a-service-0.5.0/backend/requirements.txt
Path to vulnerable library: /module/sprites-as-a-service-0.5.0/backend/requirements.txt,/module/sprites-as-a-service-0.5.0/backend/requirements.txt,/module/runx-0.0.5
Dependency Hierarchy:
Found in HEAD commit: 1def381581db59d139b24ef0a32eed6f8e3b2af8
Found in base branch: master
Vulnerability Details
Path Traversal vulnerability was found in starlette before 0.13.5. The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Publish Date: 2020-06-23
URL: WS-2020-0300
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2020-06-23
Fix Resolution: starlette - 0.13.5
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: