PT-2025-12299 · Fastapi+2 · Fastapi+2

Published

2025-03-20

Updated

2025-03-21

CVE-2025-0182

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions danswer-ai/danswer version 0.9.0

Description The issue arises from the use of a vulnerable version of the starlette package (<=0.49) via fastapi, which was patched in fastapi version 0.115.3. This can be exploited by sending multiple requests to the "/auth/saml/callback" endpoint, leading to uncontrolled memory consumption and eventual denial of service.

Recommendations For danswer-ai/danswer version 0.9.0, update fastapi to version 0.115.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/auth/saml/callback" endpoint to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-770

Related Identifiers

CVE-2025-0182

Affected Products

Answer

Fastapi

Starlette

PT-2025-12299 · Fastapi+2 · Fastapi+2

CVE-2025-0182

Weakness Enumeration

Related Identifiers

Affected Products

References · 3