Litellm · Litellm · CVE-2026-48710
**Name of the Vulnerable Software and Affected Versions**
Starlette versions prior to 1.0.1
**Description**
Starlette does not validate the HTTP `Host` request header before using it to reconstruct `request.url`. Routing is performed on the raw ASGI `scope["path"]`, but `request.url` is rebuilt as a string of the form `scheme://<Host header><path>?<query>` and then re-parsed. An attacker who places characters such as `/`, `?`, or `#` in the `Host` header shifts the path, query, or fragment boundaries during that re-parsing, so `request.url.path` no longer matches the path that was actually routed. Middleware and endpoints that enforce access restrictions on `request.url` (or `request.url.path`) instead of the raw `scope` path can therefore be bypassed. The issue, nicknamed "BadHost", can lead to unauthorized access to protected endpoints, server-side request forgery (SSRF), and, in certain environments, remote code execution; it is of particular concern for AI infrastructure built on Starlette, such as FastAPI applications, vLLM, LiteLLM, and MCP servers.
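The mismatch is easiest to see by reproducing the URL reconstruction step by hand. The following added example (not code from Starlette or from any of the projects named above) rebuilds the URL the way the description says it is rebuilt, `scheme://<Host header><path>?<query>`, and re-parses it with `urllib.parse.urlsplit`. It then compares a path check written against the re-parsed path (the bypassable pattern) with one written against `scope["path"]` (the recommended pattern) for three constructed `Host` headers, one per injected character. The scope dictionaries, host names and the `is_admin_*` helper names are constructed for the example; the reconstruction is a simplified model of the behaviour described, not Starlette's own implementation.

```python
from urllib.parse import urlsplit


def rebuild_url(scope):
    """Simplified model of the described reconstruction:
    scheme://<Host header><raw path>[?<query string>].
    The Host header is used verbatim, with no validation."""
    headers = {k.lower(): v for k, v in scope["headers"]}
    host = headers.get(b"host", b"").decode("latin-1")
    url = f"{scope['scheme']}://{host}{scope['path']}"
    if scope.get("query_string"):
        url += "?" + scope["query_string"].decode("latin-1")
    return url


def reparsed_path(scope):
    """What a request.url.path-style accessor sees after re-parsing."""
    return urlsplit(rebuild_url(scope)).path


def is_admin_by_url_path(scope):
    """Bypassable pattern: the check trusts the re-parsed path."""
    return reparsed_path(scope).startswith("/admin")


def is_admin_by_scope_path(scope):
    """Recommended pattern: the check uses the raw routed path."""
    return scope["path"].startswith("/admin")


def is_valid_host(host):
    """Illustrative Host validation a proxy or middleware could apply:
    reject anything that could move a URL boundary during re-parsing.
    Allows host[:port] only (ASCII letters, digits, '-', '.', optional port)."""
    name, _, port = host.partition(":")
    if not name or not all(c.isalnum() or c in "-." for c in name):
        return False
    return port == "" or port.isdigit()


def make_scope(path, host):
    """Constructed minimal ASGI-style scope for the example."""
    return {
        "type": "http",
        "scheme": "http",
        "path": path,
        "query_string": b"",
        "headers": [(b"host", host)],
    }


def demo():
    """Run the same protected path through benign and injected Host headers."""
    cases = {
        "benign": b"api.example.test",
        "query_shift": b"api.example.test?x=",   # '?' moves the path into the query
        "fragment_shift": b"api.example.test#",  # '#' moves the path into the fragment
        "path_shift": b"api.example.test/x",     # '/' prepends a path segment
    }
    results = {}
    for name, host in cases.items():
        scope = make_scope("/admin/users", host)
        results[name] = {
            "rebuilt_url": rebuild_url(scope),
            "reparsed_path": reparsed_path(scope),
            "url_path_check": is_admin_by_url_path(scope),
            "scope_path_check": is_admin_by_scope_path(scope),
            "host_valid": is_valid_host(host.decode("latin-1")),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:15} {r}")
```

Only the benign host passes the `request.url.path`-style check; for all three injected hosts the re-parsed path is either empty or prefixed with an attacker-chosen segment, while `scope["path"]` still reports `/admin/users` because that is what was routed. The `is_valid_host` helper shows the shape of the proxy-side normalisation the recommendations mention: any `Host` value containing `/`, `?` or `#` is rejected before it can reach the application.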
**Recommendations**
Upgrade to version 1.0.1 or later.
As a temporary workaround, replace uses of `request.url.path` in middleware and other path-based access checks with the raw routed path, `request.scope["path"]` (or `scope["path"]` in pure ASGI middleware), which is not affected by the `Host` header.
Deploy a reverse proxy that validates or normalizes `Host` headers before forwarding requests.
Move authentication and authorization out of path-based middleware and into per-route dependencies declared with FastAPI's `Depends()`, so enforcement is tied to the routed endpoint rather than to a reconstructed URL.