Path traversal in starlette - #VU132129

 


Published: May 16, 2023 / Updated: May 22, 2026


Vulnerability identifier: #VU132129
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Encode
Affected software:
starlette

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to path traversal in StaticFiles when handling crafted path requests. A remote attacker can request a specially crafted path to disclose sensitive information.

Files or directories whose names start with the same prefix as the configured static directory may be exposed.
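The prefix condition described above can be reproduced with a containment check that compares strings instead of path components. The following is an added illustration, not Starlette's code: the function names, the `/srv/app/static` layout and the sibling names are constructed assumptions, and the check works on path strings only (no symlink resolution).

```python
import posixpath  # POSIX path rules, so the result is the same on any OS

# Constructed layout: the served directory, with siblings sharing its name prefix.
STATIC_DIR = "/srv/app/static"


def resolve(directory: str, requested: str) -> str:
    """Join a request-supplied relative path onto the directory and normalise it."""
    return posixpath.normpath(posixpath.join(directory, requested))


def contained_by_prefix(directory: str, requested: str) -> bool:
    """Weak check: character-wise prefix test on the normalised path."""
    return resolve(directory, requested).startswith(directory)


def contained_by_component(directory: str, requested: str) -> bool:
    """Hardened check: the directory must be an ancestor, component by component."""
    full_path = resolve(directory, requested)
    return posixpath.commonpath([full_path, directory]) == directory


def siblings_at_risk(directory: str, sibling_names: list[str]) -> list[str]:
    """Entries beside the directory that a prefix-only check treats as inside it."""
    base = posixpath.basename(directory)
    return sorted(n for n in sibling_names if n != base and n.startswith(base))


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate asset, two paths outside the directory.
    for requested in ("css/site.css", "../static_backup/db.sqlite", "../templates/base.html"):
        print(requested,
              contained_by_prefix(STATIC_DIR, requested),
              contained_by_component(STATIC_DIR, requested))
    print(siblings_at_risk(STATIC_DIR, ["static", "static_backup", "static.old", "templates"]))
```

Running `siblings_at_risk` over the real entries of the static directory's parent shows which files or directories would need to be renamed or moved until the update is installed.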


Remediation

Install the security update from the vendor's website.
