CVE-2023-29159: Starlette has Path Traversal vulnerability in StaticFiles
When using StaticFiles, if there’s a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles, which is a path traversal vulnerability.
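The check described above, reduced to a constructed example (this is not Starlette's code; the directory and request paths are made up, and the two functions contrast a string-prefix containment check with a component-wise one, which is the pattern the advisory describes):

```python
import os
from typing import Optional

# Constructed example: the static root is /srv/app/static and a sibling
# directory /srv/app/static_private shares its name as a string prefix.
# Nothing touches the filesystem; both checks operate on path strings only.
STATIC_DIR = "/srv/app/static"


def _resolve(directory: str, requested: str) -> str:
    # Normalise ".." segments the same way a static-file handler would
    # before deciding whether the result is still inside `directory`.
    return os.path.normpath(os.path.join(directory, requested))


def resolve_prefix_check(directory: str, requested: str) -> Optional[str]:
    """Weak containment check: the resolved path only has to *start with*
    the directory string, so /srv/app/static_private/... is accepted."""
    full_path = _resolve(directory, requested)
    if os.path.commonprefix([full_path, directory]) != directory:
        return None  # rejected
    return full_path


def resolve_commonpath_check(directory: str, requested: str) -> Optional[str]:
    """Hardened check: commonpath compares whole path components, so only
    paths that really live under `directory` are accepted."""
    full_path = _resolve(directory, requested)
    if os.path.commonpath([full_path, directory]) != directory:
        return None  # rejected
    return full_path


if __name__ == "__main__":
    for req in ("css/site.css", "../static_private/secret.txt", "../../etc/passwd"):
        print(req, "->",
              "prefix:", resolve_prefix_check(STATIC_DIR, req),
              "commonpath:", resolve_commonpath_check(STATIC_DIR, req))
```

The sibling request is the only one that differs between the two checks: the prefix comparison lets it through, the component-wise comparison rejects it, while ordinary files and paths that escape further up are treated the same by both.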
References
- github.com/advisories/GHSA-v5gw-mw7f-84px
- github.com/encode/starlette
- github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py
- github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3
- github.com/encode/starlette/releases/tag/0.27.0
- github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
- github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml
- jvn.jp/en/jp/JVN95981715
- nvd.nist.gov/vuln/detail/CVE-2023-29159