{"id":"PYSEC-2023-83","details":"Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.","aliases":["CVE-2023-29159","GHSA-v5gw-mw7f-84px"],"modified":"2023-11-01T05:01:47.325139Z","published":"2023-06-01T02:15:00Z","references":[{"type":"WEB","url":"https://github.com/encode/starlette/releases/tag/0.27.0"},{"type":"WEB","url":"https://jvn.jp/en/jp/JVN95981715/"},{"type":"ADVISORY","url":"https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"}],"affected":[{"package":{"name":"starlette","ecosystem":"PyPI","purl":"pkg:pypi/starlette"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.13.5"},{"fixed":"0.27.0"}]}],"versions":["0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.15.0","0.16.0","0.17.0","0.17.1","0.18.0","0.19.0","0.19.1","0.20.0","0.20.1","0.20.2","0.20.3","0.20.4","0.21.0","0.22.0","0.23.0","0.23.1","0.24.0","0.25.0","0.26.0","0.26.0.post1","0.26.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/starlette/PYSEC-2023-83.yaml"}}],"schema_version":"1.7.3"}