What is CVE-2024-32982 — Path Traversal in Litestar?

CVE-2024-32982 is a Path Traversal vulnerability affecting Litestar versions 2.0.0–>= 2.8.0 < 2.8.3, allowing attackers to access sensitive files outside designated directories.

Am I affected by CVE-2024-32982 in Litestar?

You are affected if you are using Litestar versions 2.0.0 through 2.8.2 (excluding 2.8.3).

How do I fix CVE-2024-32982 in Litestar?

Upgrade to Litestar version 2.8.3 or later to remediate the vulnerability. Consider temporary workarounds like WAF rules if immediate upgrade is not possible.

Is CVE-2024-32982 being actively exploited?

There is currently no indication of active exploitation campaigns, but public PoCs are likely to emerge.

Where can I find the official Litestar advisory for CVE-2024-32982?

Refer to the Litestar project's security advisories and release notes for the official announcement and details: [https://litestar.dev/](https://litestar.dev/)

CVE-2024-32982 — Vulnerability Details

Q: Am I affected by CVE-2024-32982 in Litestar?

You are affected if you are using Litestar versions 2.0.0 through 2.8.2 (excluding 2.8.3).

Q: How do I fix CVE-2024-32982 in Litestar?

Upgrade to Litestar version 2.8.3 or later to remediate the vulnerability. Consider temporary workarounds like WAF rules if immediate upgrade is not possible.

Q: Is CVE-2024-32982 being actively exploited?

There is currently no indication of active exploitation campaigns, but public PoCs are likely to emerge.

Q: Where can I find the official Litestar advisory for CVE-2024-32982?

Refer to the Litestar project's security advisories and release notes for the official announcement and details: [https://litestar.dev/](https://litestar.dev/)

NEXTGUARD

Gratis scannen

CVE-2024-32982 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• python / server:

import os
import requests

url = 'http://your-litestar-server/static/../../../../etc/passwd' # Example path traversal attempt
response = requests.get(url)

if response.status_code == 200:
    print('Potential vulnerability detected: Path traversal successful!')
    print(response.text)
else:
    print('Path traversal attempt failed.')

• linux / server:

journalctl -u litestar -f | grep "path traversal"

• generic web:

curl -I http://your-litestar-server/static/../../../../etc/passwd

Check the response headers for any unexpected content or errors.

Litestar en Starlite getroffen door onjuiste beperking van een padnaam tot een beperkte directory ('Path Traversal')

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2024-32982 — Path Traversal in Litestar?

Am I affected by CVE-2024-32982 in Litestar?

How do I fix CVE-2024-32982 in Litestar?

Is CVE-2024-32982 being actively exploited?

Where can I find the official Litestar advisory for CVE-2024-32982?

Is jouw project getroffen?

Detecteer deze CVE in je project