SCA: security update for litestar, starlite (GHSA-83pv-qr33-2vcf)

high Tenable Self-Hosted Container Security Plugin ID 412396

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2,
and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving
component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling
unauthorized access to sensitive files outside the designated directories. Such access can lead to the
disclosure of sensitive information or potentially compromise the server. The vulnerability is located in
the file path handling mechanism within the static content serving function, specifically at
`litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4.
(CVE-2024-32982)

See Also

https://github.com/advisories/GHSA-83pv-qr33-2vcf

Plugin Details

Severity: High

ID: 412396

Version: Revision 1.13

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.5

Percentile: 52.01

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

CVSS Score Source: CVE-2024-32982

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/6/2024

Vulnerability Publication Date: 5/6/2024

Reference Information

CVE: CVE-2024-32982

cwe: CWE-22