Lucene search

Veracode Vulnerability DatabaseVERACODE:46789

HistoryMay 07, 2024 - 1:35 p.m.

Local File Inclusion (LFI)

2024-05-0713:35:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

lfi

path traversal

information disclosure

server compromise

static files

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Litestar and Starlite are vulnerable to a Local File Inclusion (LFI). The vulnerability is due to path traversal flaws within static_files/base.py, allowing attackers to access sensitive files outside designated directories, potentially leading to information disclosure or server compromise.

References

github.com/advisories/GHSA-83pv-qr33-2vcf

github.com/litestar-org/litestar/blob/main/litestar/static_files/base.py#L70

github.com/litestar-org/litestar/commit/57e706e7effdc182fc9a2af5981bc88afb21851b

github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46789