📦 Litestar

Litestar ASGI framework versions before 2.20.0 have a CORS origin validation bypass vulnerability. Attackers can craft malicious origin headers that match the allowed_origins_regex pattern due to impr...

Litestar multipart form parser versions before 2.13.0 have no default limit for request body size, allowing attackers to upload arbitrarily large files in multipart/form-data requests. This causes exc...

Litestar ASGI framework versions before 2.20.0 have a host validation bypass vulnerability. Attackers can craft malicious host headers that match regex patterns but aren't the intended literal hostnam...

This vulnerability in Litestar's FileStore cache backend allows unauthenticated attackers to cause cache key collisions through specially crafted URLs. When exploited, it can make one URL serve cached...