Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-06T14:38:10.875Z
Updated: 2024-08-02T02:27:53.331Z
Reserved: 2024-04-22T15:14:59.167Z
Link: CVE-2024-32982
Vulnrichment
Updated: 2024-08-02T02:27:53.331Z
NVD
Status : Awaiting Analysis
Published: 2024-05-06T15:15:23.330
Modified: 2024-05-06T21:15:48.373
Link: CVE-2024-32982
Redhat
No data.