GHSA-qj8w-rv5x-2v9h: Duplicate Advisory: Starlette vulnerable to directory traversal

CVSS Score (v3.1): 7.5

Basic Information

CVE ID: -
EPSS Score: -
Published: 6/1/2023
Updated: 11/6/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: starlette
Ecosystem: pip
Vulnerable Versions: >= 0.13.5, < 0.27.0
First Patched Version: 0.27.0

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from the directory traversal check in StaticFiles handling. The commit diff shows a critical change from os.path.commonprefix() to os.path.commonpath() in starlette/staticfiles.py. The original commonprefix approach compares the resolved path and the static directory as plain strings rather than as path components, so it failed to properly validate path components, as demonstrated in the PoC where a path like '/static/../static1.txt' bypassed the check because the sibling file name shares the directory name as a character prefix. The lookup_path function is directly responsible for path validation in static file handling, making it the clear vulnerable function. Multiple sources (advisory, CWE-22 mapping, and commit analysis) confirm this root cause.
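As an added illustration (not Starlette's own code), the following models the lookup_path check before and after the fix on a directory layout constructed here (a `static/` directory next to a sibling file `static1.txt`; both names are assumptions), showing that the commonprefix check accepts `../static1.txt` while the commonpath check rejects it.

```python
import os
import tempfile

# Added example, not starlette/staticfiles.py itself: two minimal models of
# the lookup_path containment check, before (commonprefix) and after
# (commonpath) the 0.27.0 fix.

def lookup_path_prefix(directory: str, path: str) -> bool:
    """Vulnerable variant: character-prefix comparison of two path strings."""
    directory = os.path.realpath(directory)
    full_path = os.path.realpath(os.path.join(directory, path))
    # '/app/static' is a character prefix of '/app/static1.txt', so a
    # sibling whose name merely starts with the directory name passes.
    return os.path.commonprefix([full_path, directory]) == directory


def lookup_path_commonpath(directory: str, path: str) -> bool:
    """Fixed variant: comparison on whole path components."""
    directory = os.path.realpath(directory)
    full_path = os.path.realpath(os.path.join(directory, path))
    # The common ancestor of '/app/static' and '/app/static1.txt' is
    # '/app', which is not the static directory, so the request is refused.
    return os.path.commonpath([full_path, directory]) == directory


def build_sample_tree() -> str:
    """Constructed layout: <tmp>/static/index.html and <tmp>/static1.txt."""
    root = tempfile.mkdtemp(prefix="starlette_demo_")
    os.mkdir(os.path.join(root, "static"))
    with open(os.path.join(root, "static", "index.html"), "w") as fh:
        fh.write("<h1>served</h1>")
    with open(os.path.join(root, "static1.txt"), "w") as fh:
        fh.write("must not be reachable through the /static mount")
    return root


def compare(path: str) -> dict:
    """Run both checks for one requested path against the sample tree."""
    directory = os.path.join(build_sample_tree(), "static")
    return {
        "commonprefix_allows": lookup_path_prefix(directory, path),
        "commonpath_allows": lookup_path_commonpath(directory, path),
    }


if __name__ == "__main__":
    for requested in ("index.html", "../static1.txt", "../../etc/passwd"):
        print(requested, compare(requested))
```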

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-v**w-mw**-**px. This link is maintained to preserve external references.

Original Description

Directory traversal vulnerability in Starlette versions *.**.*

Reasoning

The vulnerability stems from the directory traversal check in StaticFiles handling. The commit diff shows a critical change from `os.path.commonprefix()` to `os.path.commonpath()` in `starlette/staticfiles.py`. The original commonprefix approach fail