fix(deps): update fastapi and starlette for CVE-2025-62727 (#216)

Update dependencies to fix HIGH severity ReDoS vulnerability:
- fastapi==0.128.0
- starlette==0.49.1

CVE-2025-62727 allows unauthenticated attackers to send crafted HTTP
Range headers that trigger quadratic-time processing in FileResponse
Range parsing, causing CPU exhaustion and DoS.

Fixes #215
Mengxin Zhu
2026-01-19 11:57:01 +08:00
committed by GitHub
parent 1a7f55b89b
commit 9b3da3a5c8

@@ -1,4 +1,5 @@
fastapi==0.116.1
fastapi==0.128.0
starlette==0.49.1 # CVE-2025-62727: Fix ReDoS in Range header parsing
pydantic==2.11.4
uvicorn==0.29.0
mangum==0.17.0
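Review bot: The added starlette==0.49.1 line pins a package that fastapi already depends on and constrains, so the two pins are now coupled: a later fastapi bump whose supported starlette range excludes 0.49.1 will fail to resolve, and nothing in the inline comment says when the pin can be revisited. Extend the comment to state that the pin exists only for CVE-2025-62727 and must be re-checked on every fastapi upgrade, and consider running pip check and pip-audit in CI so a resolver conflict or a drop below the fixed starlette version is caught automatically. Separately, fastapi moves from 0.116.1 to 0.128.0 while pydantic, uvicorn and mangum stay where they were; since the comment attributes the fix to starlette, the commit message or PR should say whether that larger jump was required to admit starlette 0.49.1 and whether the test suite was run against it.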