GHSA-674p-xv2x-rf3g: Litestar has potential log injection in exception logging
Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or `log_exceptions` is set to "always", which allows attackers to inject newlines and forge log entries.
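The following is an added example, not Litestar's code or its fix: a standard-library `logging` filter that escapes control characters in the interpolated message, run against a constructed path containing CRLF. The names `escape_log_value`, `EscapeMessageFilter`, `emit`, the log message text and the sample path are all hypothetical.

```python
import io
import logging

# Map C0 controls, DEL and Unicode line separators to visible escapes.
_ESCAPES = {c: f"\\x{c:02x}" for c in [*range(0x20), 0x7F, 0x85]}
_ESCAPES.update({0x0A: "\\n", 0x0D: "\\r", 0x09: "\\t",
                 0x2028: "\\u2028", 0x2029: "\\u2029"})

# Constructed sample: a request path that carries an embedded CRLF.
SAMPLE_PATH = "/missing\r\nINFO - constructed forged line"


def escape_log_value(value: str) -> str:
    """Make line breaks and control characters visible instead of literal."""
    # Escape backslashes first so an escaped "\n" cannot be confused with input.
    return value.replace("\\", "\\\\").translate(_ESCAPES)


class EscapeMessageFilter(logging.Filter):
    """Escape the fully interpolated message; the traceback is left as is."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = escape_log_value(record.getMessage())
        record.args = None  # the message is already interpolated
        return True


def emit(path: str, harden: bool) -> list:
    """Log one exception-style line for `path` and return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s - %(message)s"))
    if harden:
        handler.addFilter(EscapeMessageFilter())
    logger = logging.Logger("demo")  # standalone logger, no global state
    logger.addHandler(handler)
    # Hypothetical message format; the path is logged without escaping.
    logger.error("unhandled exception for path %s", path)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    for harden in (False, True):
        print(f"harden={harden}")
        for line in emit(SAMPLE_PATH, harden):
            print("   ", line)
```

Without the filter the single call produces two log lines, the second of which looks like an independent entry; with it the CRLF appears as literal `\r\n` text inside one line.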