Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins
Vulnerability Description
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match unexpectedly. The check relies on allowed_origins_regex.fullmatch(origin). This vulnerability is fixed in 2.20.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Litestar 安全漏洞
Vulnerability Description
Litestar是Litestar开源的一个强大、灵活但固执己见的 ASGI 框架。 Litestar 2.20.0之前版本存在安全漏洞,该漏洞源于正则表达式元字符未转义,可能导致恶意源意外匹配。
CVSS Information
N/A
Vulnerability Type
N/A