AVB/bedrock-access-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
737cf076a05cd229b11d9a5ff268d511d2a3c849
bedrock-access-gateway/src/requirements.txt
Mengxin Zhu 9b3da3a5c8 fix(deps): update fastapi and starlette for CVE-2025-62727 (#216) 
Update dependencies to fix HIGH severity ReDoS vulnerability:
- fastapi==0.128.0
- starlette==0.49.1

CVE-2025-62727 allows unauthenticated attackers to send crafted HTTP
Range headers that trigger quadratic-time processing in FileResponse
Range parsing, causing CPU exhaustion and DoS.

Fixes #215
2026-01-19 11:57:01 +08:00

11 lines
213 B
Plaintext
Raw Blame History

fastapi==0.128.0
starlette==0.49.1 # CVE-2025-62727: Fix ReDoS in Range header parsing
pydantic==2.11.4
uvicorn==0.29.0
mangum==0.17.0
tiktoken==0.9.0
requests==2.32.4
numpy==2.2.5
boto3==1.40.4
botocore==1.40.4
Reference in New Issue View Git Blame Copy Permalink