CNNVD-202510-803 Information

CNNVD ID

CNNVD-202510-803

CVE-2025-59152

  • CNNVD Published: 2025-10-06

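Description (translated from Chinese)

Litestar is a powerful, flexible yet opinionated ASGI framework open-sourced by Litestar. Litestar version 2.17.0 has a security vulnerability that stems from unconditionally trusting the X-Forwarded-For header, which may allow rate limiting to be bypassed.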

Description (English)

Litestar is a powerful, flexible yet opinionated open-source ASGI framework from Litestar. Version 2.17.0 of Litestar contains a security vulnerability that stems from unconditionally trusting the X-Forwarded-For header, which could lead to a rate limit bypass.

Hazard Level

Medium

Vulnerability Type

Other

Published

2025-10-06

Last Modified

2026-02-24

References

  • https://github.com/litestar-org/litestar/blob/26f20ac6c52de2b4bf81161f7560c8bb4af6f382/litestar/middleware/rate_limit.py#L127
  • https://github.com/litestar-org/litestar/commit/42a89e043e50b515f8548a93954fe143f63cf9fb
  • https://github.com/litestar-org/litestar/security/advisories/GHSA-hm36-ffrh-c77c

Patch

https://github.com/litestar-org/litestar/releases
