CVE-2024-32982

Name of the Vulnerable Software and Affected Versions Litestar versions prior to 2.8.3 Litestar versions prior to 2.7.2 Litestar versions prior to 2.6.4

Description A Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of Litestar, allowing attackers to exploit path traversal flaws and gain unauthorized access to sensitive files outside the designated directories. This vulnerability is located in the file path handling mechanism within the static content serving function, specifically at litestar/static files/base.py. The vulnerability enables attackers to access sensitive information, potentially compromise the server, and may lead to the exposure of sensitive information or further attacks.

Recommendations For versions prior to 2.8.3, update to version 2.8.3 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.6.4, update to version 2.6.4 or later. As a temporary workaround, consider implementing rigorous input validation and sanitization mechanisms for file path inputs, and normalizing file paths before using them in file operations to prevent directory traversal.