Vulnerability Information
Vulnerability Title
fastapi-guard patch contains bypassable RegEx
Vulnerability Description
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expressions that were patched to mitigate the ReDoS vulnerability by limiting the length of the matched string fail to catch inputs that exceed this limit. A patch of this type fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.
CVSS Information
N/A
Vulnerability Type
Improper input validation
Vulnerability Title
fastapi-guard security vulnerability
Vulnerability Description
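fastapi-guard is a security library for FastAPI by the individual developer Renzo F. It provides middleware to control IPs, log requests and detect penetration attempts. fastapi-guard version 3.0.1 contains a security vulnerability that stems from an improper length limit in its regular expressions and may allow the protection mechanism to be bypassed.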
CVSS Information
N/A
Vulnerability Type
N/A
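
The length-limit gap from the vulnerability description, as an added regression check that is not code from fastapi-guard or from this record. Both patterns and all helper names are constructed for illustration; only the 100-character limit comes from the description, and the hardened pattern is one possible approach, not the 3.0.2 fix.

```python
import re

# Constructed patterns (assumptions, not fastapi-guard's actual rules).
# BOUNDED caps the attribute string at 100 chars to avoid ReDoS, so a longer
# attribute string makes the whole pattern fail to match.
BOUNDED = re.compile(r"<script[^>]{0,100}>", re.IGNORECASE)
# HARDENED flags the tag opening only. It has no quantifier, so matching is
# linear in the input and does not depend on attribute length.
HARDENED = re.compile(r"<script\b", re.IGNORECASE)


def sample_tag(attr_len: int) -> str:
    """Constructed test input: a script tag with attr_len attribute characters."""
    attrs = " " + "x" * (attr_len - 1) if attr_len else ""
    return "<script" + attrs + ">"


def first_missed_length(pattern: re.Pattern, max_len: int = 512):
    """Return the smallest attribute length the pattern fails to flag.

    Returns None when every length from 0 to max_len is detected, which is
    the result a detection rule should give in a regression test.
    """
    for n in range(max_len + 1):
        if not pattern.search(sample_tag(n)):
            return n
    return None


if __name__ == "__main__":
    for name, pattern in (("bounded", BOUNDED), ("hardened", HARDENED)):
        gap = first_missed_length(pattern)
        status = "no gap found" if gap is None else f"misses attribute length {gap}"
        print(f"{name}: {status}")
```

Running the same probe over each detection pattern after a ReDoS-motivated change shows whether a new length cap has turned into a detection gap.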