Safety vulnerability ID: 70845
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Litestar are vulnerable to path traversal. The flaw lets an attacker gain unauthorized access to sensitive files outside the designated directories, which can lead to the disclosure of sensitive information or potentially compromise the server.
Latest version: 2.13.0
Litestar - A production-ready, highly performant, extensible ASGI API Framework
:warning: **Important** :warning:
This release contains a patch for a [vulnerability](https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf) that would allow path traversal in the static file serving functionality of Litestar. It is highly recommended to update your minor version to this patch release.
You can find more background information in the related discussion 3473.
Sponsors 🌟
Thanks to these incredible business sponsors:
[Scalar](https://scalar.com/) (scalar), [Telemetry Sports](https://telemetrysports.com/) (via chris-telemetry), [Stok](https://www.stok.kr/) (stok-team)
A huge 'Thank you!' to all other sponsors across [Polar.sh](https://polar.sh/litestar-org), [OpenCollective](https://opencollective.com/litestar) and [GitHub Sponsors](https://github.com/sponsors/litestar-org/)!
What's changed
* Fix improper Limitation of a Pathname to a Restricted Directory by peterschutt in https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf
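To illustrate the class of bug described above (a pathname not limited to the static directory), here is an added example that is not Litestar's code or its patch. It contrasts a join-and-normalise lookup with one that resolves the path and checks containment; `naive_lookup`, `safe_lookup` and the temporary file tree are hypothetical names and constructed data.

```python
# Added illustration; function names are hypothetical, not Litestar APIs.
import os
import tempfile
from pathlib import Path
from typing import Optional


def naive_lookup(base_dir: Path, request_path: str) -> Path:
    """Vulnerable pattern: join and normalise, no containment check."""
    return Path(os.path.normpath(os.path.join(base_dir, request_path.lstrip("/"))))


def safe_lookup(base_dir: Path, request_path: str) -> Optional[Path]:
    """Return the file to serve, or None if it is not a file inside base_dir."""
    if "\x00" in request_path:
        return None
    base = base_dir.resolve()
    # resolve() collapses ".." and follows symlinks before the containment check.
    candidate = (base / request_path.lstrip("/")).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Run both lookups over constructed request paths in a temp tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        static = root / "static"
        static.mkdir()
        (static / "app.css").write_text("body {}")
        (root / "secret.txt").write_text("constructed secret")
        # A symlink inside the static directory that points outside it.
        os.symlink(root / "secret.txt", static / "link.txt")
        requests = ["/app.css", "/../secret.txt", "/link.txt", "/missing.css"]
        return {
            r: {
                "naive_escapes": static not in naive_lookup(static, r).parents,
                "safe_served": safe_lookup(static, r) is not None,
            }
            for r in requests
        }


if __name__ == "__main__":
    for path, result in demo().items():
        print(path, result)
```

The `/link.txt` case shows why a string-level check alone is not enough: the normalised path stays inside the static directory, but the resolved target does not.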