Safety vulnerability ID: 74715
The information on this page was manually curated by our Cybersecurity Intelligence Team.
inboard 0.72.2 updates its FastAPI and Starlette dependencies to FastAPI 0.115.5 and Starlette 0.41 (FastAPI 0.115.3 and later require `starlette>=0.40.0,<0.42.0`). The new range includes Starlette 0.40.0, which contains the fix for the Denial of Service (DoS) vulnerability tracked as CVE-2024-47874 (GHSA-f96h-pmfr-66vw). Earlier inboard releases pinned Starlette to a minor version range that predates the fix.
Latest version: 0.72.2
Docker images and utilities to power your Python APIs and help you ship faster.
(1bde85a8387820b5ae8635fec73d5093d2517096)
This release will update/upgrade to
[FastAPI 0.115.5](https://fastapi.tiangolo.com/release-notes/)
and
[Starlette 0.41](https://www.starlette.io/release-notes/). inboard was
already on FastAPI 0.115, so this is a patch release to align with
FastAPI versioning.
FastAPI 0.115.3 updated Starlette to `"starlette>=0.40.0,<0.42.0"`.
Changes to Starlette between 0.39 and 0.41 include a fix for a DoS
(Denial of Service) security vulnerability released in Starlette 0.40.0
([GHSA-f96h-pmfr-66vw](https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw)).
FastAPI has been repeatedly updating the minor version of Starlette in
patch releases of FastAPI. Previously, inboard pinned FastAPI to the
minor version (like `"fastapi>=0.115,<0.116"`), allowing patch version
updates whenever the inboard project was installed. Unfortunately, this
can result in version incompatibilities when a FastAPI patch release
bumps the Starlette minor version unexpectedly, as happened here. For example, the inboard
`pyproject.toml` previously specified `"fastapi>=0.115,<0.116"` and
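The incompatibility described above is a constraint-intersection problem: inboard's own Starlette pin and the Starlette pin that the newly installed FastAPI patch release carries must admit at least one common version. The script below is an added example (not inboard's or FastAPI's code) that parses pip-style specifiers and reports whether such a set of pins is satisfiable. The inboard pin `starlette>=0.39,<0.40` used in the demonstration is an assumption chosen to illustrate the conflict; the page does not state inboard's earlier Starlette range. Only `>=`, `>`, `<=`, `<` and `==` with dotted numeric versions are handled; a real resolver (pip, uv) covers far more.

```python
"""Detect conflicting version pins on one package (added example, not project code).

Models the release-note scenario: a project pins Starlette to one minor
version, while the FastAPI patch release its `fastapi>=0.115,<0.116` pin
allows in requires a newer Starlette minor. Versions are treated as points
on a dense line, so '>=0.40.0,<0.40.0' is correctly reported as empty.
"""
from __future__ import annotations

import re
from typing import Optional

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(.*)$")
_CLAUSE_RE = re.compile(r"^(>=|<=|==|>|<)\s*([0-9]+(?:\.[0-9]+)*)$")

Bounds = tuple  # (lower, lower_inclusive, upper, upper_inclusive); None bound = open


def parse_version(text: str) -> tuple:
    """'0.40' -> (0, 40, 0); padded to at least three parts so 0.40 == 0.40.0."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def parse_requirement(req: str) -> tuple[str, list[tuple[str, tuple]]]:
    """'starlette>=0.40.0,<0.42.0' -> ('starlette', [('>=', (0,40,0)), ('<', (0,42,0))])."""
    m = _REQ_RE.match(req)
    if not m:
        raise ValueError(f"cannot parse requirement {req!r}")
    name, rest = m.group(1).lower(), m.group(2)
    clauses = []
    for clause in (c.strip() for c in rest.split(",")):
        if not clause:
            continue
        cm = _CLAUSE_RE.match(clause)
        if not cm:
            raise ValueError(f"unsupported clause {clause!r} in {req!r}")
        clauses.append((cm.group(1), parse_version(cm.group(2))))
    return name, clauses


def intersect(*requirements: str) -> Optional[Bounds]:
    """Combine every constraint on the same package into one bound pair.

    Returns None when no version can satisfy all of them (a pin conflict).
    Raises if the requirements name different packages.
    """
    names = set()
    lo, lo_inc, hi, hi_inc = None, True, None, True
    for req in requirements:
        name, clauses = parse_requirement(req)
        names.add(name)
        for op, v in clauses:
            # Tighten the lower bound: a strictly higher value, or the same
            # value made exclusive by '>', replaces what we had.
            if op in (">=", ">", "==") and (
                lo is None or v > lo or (v == lo and op == ">")
            ):
                lo, lo_inc = v, op != ">"
            # Same for the upper bound with '<'.
            if op in ("<=", "<", "==") and (
                hi is None or v < hi or (v == hi and op == "<")
            ):
                hi, hi_inc = v, op != "<"
    if len(names) != 1:
        raise ValueError(f"requirements cover several packages: {sorted(names)}")
    if lo is not None and hi is not None:
        if lo > hi or (lo == hi and not (lo_inc and hi_inc)):
            return None
    return lo, lo_inc, hi, hi_inc


def allows(bounds: Bounds, version: str) -> bool:
    """True if `version` lies inside the combined bounds."""
    lo, lo_inc, hi, hi_inc = bounds
    v = parse_version(version)
    if lo is not None and (v < lo or (v == lo and not lo_inc)):
        return False
    if hi is not None and (v > hi or (v == hi and not hi_inc)):
        return False
    return True


FASTAPI_0_115_3_STARLETTE = "starlette>=0.40.0,<0.42.0"  # from the release notes
ASSUMED_OLD_INBOARD_PIN = "starlette>=0.39,<0.40"        # assumption, not from the page
NEW_INBOARD_PIN = "starlette>=0.41,<0.42"                # consistent with 'Starlette 0.41'

if __name__ == "__main__":
    for pin in (ASSUMED_OLD_INBOARD_PIN, NEW_INBOARD_PIN):
        result = intersect(pin, FASTAPI_0_115_3_STARLETTE)
        status = "CONFLICT" if result is None else f"ok, bounds {result}"
        print(f"{pin!r} + {FASTAPI_0_115_3_STARLETTE!r}: {status}")
```

Running the script shows the assumed old pin colliding with FastAPI 0.115.3's requirement (the only candidate would be exactly 0.40.0, which the `<0.40` side excludes), while the 0.41 pin intersects cleanly. The same check can be run in CI against the resolved FastAPI metadata before a lock file is refreshed, which catches a silent Starlette minor bump earlier than an install-time resolver error would.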