fastapi-0.115.12-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.3) #243

@mend-for-github-com

Description
Vulnerable Library - fastapi-0.115.12-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250321171515_XNDBOP/python_DMCYIJ/202503211715181/env/lib/python3.9/site-packages/starlette-0.46.1.dist-info,/tmp/ws-ua_20250327161424_IPCJPZ/python_IXLIFT/202503271614271/env/lib/python3.9/site-packages/starlette-0.46.1.dist-info

Vulnerabilities

  • Vulnerability: CVE-2025-54121
  • Severity: Medium
  • CVSS: 5.3
  • Exploit Maturity: Not Defined
  • EPSS: 0.0%
  • Dependency: starlette-0.46.1-py3-none-any.whl
  • Type: Transitive
  • Fixed in (fastapi version): N/A*
  • Remediation Possible**: (empty in the report)
  • Reachability: (empty in the report)

*For some transitive vulnerabilities there is no version of the direct dependency that contains a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases a remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Details

CVE-2025-54121

Vulnerable Library - starlette-0.46.1-py3-none-any.whl

The little ASGI library that shines.

Library home page: https://files.pythonhosted.org/packages/a0/4b/528ccf7a982216885a1ff4908e886b8fb5f19862d1962f56a3fce2435a70/starlette-0.46.1-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20250321171515_XNDBOP/python_DMCYIJ/202503211715181/env/lib/python3.9/site-packages/starlette-0.46.1.dist-info,/tmp/ws-ua_20250327161424_IPCJPZ/python_IXLIFT/202503271614271/env/lib/python3.9/site-packages/starlette-0.46.1.dist-info

Dependency Hierarchy:

  • fastapi-0.115.12-py3-none-any.whl (Root Library)
    • starlette-0.46.1-py3-none-any.whl (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2.

Publish Date: 2025-07-21

URL: CVE-2025-54121

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

