Skip to content

Fix for GHSA-86qp-5c8j-p5mr#182

Closed
keycard-gh-workflows-access[bot] wants to merge 1 commit into
mainfrom
socket/fix/GHSA-86qp-5c8j-p5mr
Closed

Fix for GHSA-86qp-5c8j-p5mr#182
keycard-gh-workflows-access[bot] wants to merge 1 commit into
mainfrom
socket/fix/GHSA-86qp-5c8j-p5mr

Conversation

@keycard-gh-workflows-access

Copy link
Copy Markdown
Contributor

Socket fix for GHSA-86qp-5c8j-p5mr.

Vulnerability Summary: Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Severity: MODERATE

Affected Packages: starlette (PIP)

…on that poisons request.url.path, bypassing path-based security checks
@Larry-Osakwe

Copy link
Copy Markdown
Contributor

Obsolete: main's uv.lock already resolves starlette 1.3.1, at or above the 1.0.1 this PR targets for GHSA-86qp-5c8j-p5mr. The remaining Socket findings are batched in #187.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant