Nixpkgs security tracker
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse ignored reference https://d…
-
@LeSuisse
ignored
20 packages
- xmlstarlet
- python312Packages.starlette
- python313Packages.starlette
- python314Packages.starlette
- python312Packages.sse-starlette
- python312Packages.starlette-wtf
- python313Packages.sse-starlette
- python313Packages.starlette-wtf
- python314Packages.sse-starlette
- python314Packages.starlette-wtf
- python312Packages.starlette-admin
- python313Packages.starlette-admin
- python314Packages.starlette-admin
- python312Packages.starlette-context
- python313Packages.starlette-context
- python314Packages.starlette-context
- perl538Packages.Starlet
- python314Packages.starlette-compress
- python313Packages.starlette-compress
- python312Packages.starlette-compress
- @LeSuisse restored package perl538Packages.Starlet
- @LeSuisse accepted
- @LeSuisse published on GitHub
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
References
Affected products
- =<0.31
Matching in nixpkgs
pkgs.perlPackages.Starlet
Simple, high-performance PSGI/Plack HTTP server
pkgs.perl5Packages.Starlet
Simple, high-performance PSGI/Plack HTTP server
pkgs.perl538Packages.Starlet
Simple, high-performance PSGI/Plack HTTP server
pkgs.perl540Packages.Starlet
Simple, high-performance PSGI/Plack HTTP server
Ignored packages (19)
pkgs.xmlstarlet
Command line tool for manipulating and querying XML data
pkgs.python312Packages.starlette
Little ASGI framework that shines
pkgs.python313Packages.starlette
Little ASGI framework that shines
pkgs.python314Packages.starlette
Little ASGI framework that shines
pkgs.python312Packages.sse-starlette
Server Sent Events for Starlette and FastAPI
pkgs.python312Packages.starlette-wtf
Simple tool for integrating Starlette and WTForms
pkgs.python313Packages.sse-starlette
Server Sent Events for Starlette and FastAPI
pkgs.python313Packages.starlette-wtf
Simple tool for integrating Starlette and WTForms
pkgs.python314Packages.sse-starlette
Server Sent Events for Starlette and FastAPI
pkgs.python314Packages.starlette-wtf
Simple tool for integrating Starlette and WTForms
pkgs.python312Packages.starlette-admin
Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications
pkgs.python313Packages.starlette-admin
Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications
pkgs.python314Packages.starlette-admin
Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications
pkgs.python312Packages.starlette-context
Middleware for Starlette that allows you to store and access the context data of a request
pkgs.python313Packages.starlette-context
Middleware for Starlette that allows you to store and access the context data of a request
pkgs.python314Packages.starlette-context
Middleware for Starlette that allows you to store and access the context data of a request
pkgs.python312Packages.starlette-compress
Compression middleware for Starlette - supporting ZStd, Brotli, and GZip
pkgs.python313Packages.starlette-compress
Compression middleware for Starlette - supporting ZStd, Brotli, and GZip
pkgs.python314Packages.starlette-compress
Compression middleware for Starlette - supporting ZStd, Brotli, and GZip