{"vulnerability": "ghsa-jp82-jpqv-5vv3", "sightings": [{"uuid": "3f1ea8ce-2784-42c8-85ec-87cb00858ba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-jp82-jpqv-5vv3", "type": "seen", "source": "https://gist.github.com/ftnext/49c236d15e6d1d49960f59d346e70a25", "content": "# ref: https://github.com/ftnext/fastapi-playground/blob/53c921574510b753ed35095f6fe02ebcb4f98e4d/vulnerabilities/starlette/GHSA-jp82-jpqv-5vv3/run_starlette_app.py\n# https://github.com/Kludex/starlette/security/advisories/GHSA-jp82-jpqv-5vv3\n# /// script\n# requires-python = \"&gt;=3.12\"\n# dependencies = [\n#     \"starlette&lt;1.3.0\",\n#     \"uvicorn&gt;=0.49.0\",\n# ]\n# ///\n# Fixed at starlette&gt;=1.3.0\nfrom starlette.requests import Request\nfrom starlette.responses import PlainTextResponse\n\n\nasync def app(scope, receive, send):\n    request = Request(scope, receive)\n    body = \"\\n\".join(\n        [\n            f\"{scope[\"path\"]=}\",\n            f\"{request.url=}\",\n            f\"{request.url.netloc=}\",\n            f\"{request.url.hostname=}\",\n            f\"{request.url.path=}\",\n        ]\n    )\n    response = PlainTextResponse(body)\n    await response(scope, receive, send)\n\n\nif __name__ == \"__main__\":\n    import uvicorn\n\n    uvicorn.run(app)\n", "creation_timestamp": "2026-07-05T14:13:06.089487Z"}]}