CVE-2024-32982: Litestar and Starlite vulnerable to Path Traversal

May 6, 2024

Local File Inclusion via Path Traversal in LiteStar Static File Serving

A Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server.

References

github.com/advisories/GHSA-83pv-qr33-2vcf
github.com/litestar-org/litestar
github.com/litestar-org/litestar/blob/main/litestar/static_files/base.py
github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf
nvd.nist.gov/vuln/detail/CVE-2024-32982

Code Behaviors & Features

Detect and mitigate CVE-2024-32982 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →