TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

48% Positive

Analyzed from 1414 words in the discussion.

Trending Topics

#path#starlette#fastapi#server#https#servers#uri#port#web#python

Discussion (48 Comments)Read Original on HackerNews

nickcw1 day ago
If you read the advisory and are wondering what starlette is, from it's web page: starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python.

It's used a lot in the data heavy AI world for it's efficiency shipping large files. This includes lots and lots of production servers.

From the advisory: this includes LLM inference servers like vLLM, LLM proxy servers like LiteLLM, AI agent frameworks, MCP gateways, and custom APIs. MCP servers are especially at risk because the MCP spec mandates unauthenticated OAuth discovery endpoints, providing a reliable path for exploitation.

alex_suzuki1 day ago
Notably, Starlette powers FastAPI, an extremely popular Python framework for building HTTP services.
spennantabout 23 hours ago
Is this still true?
b40d-48b2-979eabout 23 hours ago
You may be thinking of Litestar (previously named Starlite) that was based on Starlette akin to FastAPI but then went their own direction implementing a framework rather than relying on an upstream for their core product.
discord23about 23 hours ago
Yes, it's literally the first bullet point on the project's website.
hsbauauvhabzb1 day ago
Ironically typing ‘make sure my server is secure’ into an LLM either wasn’t done, or missed it until now.
wongarsu1 day ago
The posted page has an entire section titled "Why didn't Mythos find this?"

tl;dr: the bug spans three components in different code bases that when looked at in isolation each do reasonable things. The bug is in the interaction, in the assumed properties of the value that eventually gets exposed as request.url.path. That was apparently too subtle for current Anthropic models to spot

winstonwinstonabout 13 hours ago
The posted page said that finding logic bugs of this kind requires ‘understanding’ which LLM cannot.
hsbauauvhabzbabout 23 hours ago
So an LLM was unable to reason about a codebase to find cross-library vulnerabilities.

Your response was a weak excuse, it’s a clear demonstration of the shortcomings of LLMs which will inevitably cause headlines in the future.

magnio1 day ago
Never, ever, ever transform URIs and paths by string manipulation. If you think pulling in a library for this is overkill, it is not.

(Lesson learned from trying to quickly write my own function to make ".." to go back one URL segment that took 3 hours and discovering the URI spec contradicts my intuition depending on whether the URI is a URL or filesystem path.)

unbelievrabout 22 hours ago
Differentials between different URI parsers are a huge source of bugs. The amount of shenanigans you can do inside URIs is bonkers, and trying to handle this by yourself with some regex and string splitting is absolutely insane.

Like https://www.example.com:443@203569230:8080/ will send you to the IP address "12.34.56.78" on port 8080 using basic authentication with the domain and port as username and password. If your code tries to split by `:` or check that the URI starts with some specific string, then it won't be good enough. Indeed, use a library that you trust.

Joker_vDabout 24 hours ago
I don't believe Python's urllib has a function that takes what HTTP terms an "origin-form" (an absolute path with possibly a query attached to it with "?") and parses it apart.

Still, the RFC 9112 that defines HTTP/1.1 basics requires that, for the purposes of URI reconstruction, "if there is no Host header field or if its field value is empty or invalid, the target URI's authority component is empty."

hftabout 23 hours ago
https://docs.python.org/3/library/urllib.parse.html
Joker_vDabout 21 hours ago
Yep, none of them are suitable for this use case; you need to validate the Host header first and reconstruct the URI first before parsing it.
TZubiriabout 14 hours ago
You kind of have to, it's not turtles all the way down, at some point the network is sending strings my man.

You just have not to make mistakes, there's no silver bullet or instant cop-out like "this would never happen to me because I don't do one of the things in this multi-sub-system vuln".

noirscape1 day ago
If you're using nginx/apache/literally anything that does reverse proxying correctly, this shouldn't be a problem unless you're routing all traffic over default_server rules unstead of server_name (or the equivalent).

They should be stopping this attack at the door (even if only to clean out your logs from scraper door knocks), which is probably why it went unnoticed for years. I don't think anyone would be deploying {A,W}SGI servers on public facing ports these days. Even if only because SSL termination is much easier in the proxy layer.

Also good lord that ARS article is a mess. What the hell happened there? An ASGI server isn't unique to AI or anything, it's just a regular supply chain dependency. I kinda expect better from ARS on stuff like this.

ostif-derek1 day ago
You're relying on everyone in the world to set things up in a way that provides defense in depth. Not everyone is going to do that.

Which means there's going to be a lot of cases where people don't do the safe thing.

Especially, as other's have said, in the case of MCP servers, where the spec mandates exposed oauth.

acdha1 day ago
The saving grace here is that people are most commonly doing this for reasons other than as a defense - serving static files efficiently, combining multiple services, caching, DDoS protection, etc. There are certainly some directly exposed FastAPI instances but it’s been against the grain for decades.
noirscapeabout 24 hours ago
Or probably the most straightforward one, which is SSL termination. Most backend software usually has very bad support for HTTPS communication, while it's typically extensively documented for something like nginx. It also catches some other strangeness like making it easier to update the certificate.

The biggest risk is incorrect usage of the default_server directive, the proper way in which to handle it isn't usually taught in most "here's how you use nginx" tutorials. Most usually just have you edit the default server blocks.

Tldr that covers 99% of all cases: you want 2 default server blocks, one on port 80 and one on port 443. The one on port 80 should only return 444 (an internal nginx status code that stops the connection immediately with no response), while the one on port 443 should use ssl_reject_handshake to terminate the SSL connection as quickly as possible without causing strange errors (you also need a self-signed certificate because otherwise openssl refuses to do protocol negotiation correctly, but the cert doesn't actually do anything). After that, specify your actual domains as separate server blocks using server_name (including a separate one for each to do the port 80->443 redirect).

Arguably this should be the default configuration shipped by distros, but it isn't for some reason, which doesn't help matters.

anakaine1 day ago
Ars has had a depreciating quality the past few years by most accounts. They've been trying a bit harder recently it seems, but shaking off the allure of half baked short form journalism is hard, I guess.
s2l1 day ago
From the link, on how the attack works:

An attacker can send a crafted request like GET /protected with a Host: example.com/health?x= header. The request will reach the /proteced path, but request.url would be https://example.com/health?x=/protected, and request.url.path would return /health instead of the real request path.

nickcw1 day ago
I found a similar vulnerability in the Zeus Web Server ( https://en.wikipedia.org/wiki/Zeus_Web_Server ) in January 2000.

Zeus had a great feature where you could set up virtual servers just by creating directories. So if you wanted to host www.example.com and www.anotherexample.com you just created two directories of those names like that and away you went.

I discovered that the if you sent `Host:` headers which started with `/` then you could use it to traverse the file system and read any file you wanted.

Plus ça change, plus c'est la même chose!

Muromec1 day ago
So the classic case of two parsers disagreing and being too permissive in accepting input
ostif-derek2 days ago
This is a bad one. Rating it a medium understates how hard it hits thousands of downstream projects and billions of installs. People need to patch asap. I'm normally against the "giving a bug a name, logo, and website" trope, but this one is getting poor patch rates because of it being rated a medium and landing right before a big American holiday weekend.
acdha1 day ago
I agree it’s fairly bad on its own but it’s substantially mitigated if you aren’t exposing Starlette/FastAPI directly to the internet – if you use a CDN, load-balancer / API Gateway, or a fronting web server it’s likely that your service is protected since the attacks depend on characters which are not valid in DNS (and in the first couple of cases, likely need to match to route traffic to the right customer).

As an example, I just confirmed that both Cloudflare and AWS ALBs reject all of the attack patterns. Still not good, lateral movement is a time-honored tactic, etc. but it buys time to patch.

Ekarosabout 23 hours ago
Also requires that you build specific kind of logic in your access control. So it really depends on implementation. Some codebases are vulnerable where as others are not.
ExoticPearTreeabout 24 hours ago
I don't know if many people run FastAPI directly without any reverse proxy, load balancer etc. in front of their services.

Probably this is why it is marked as medium.

BadBadJellyBeanabout 19 hours ago
Is catchy name with domain and website for every vulnerability now the norm? I mean it's good that it was found but there have been a lot of vulnerability websites lately.
arccyabout 19 hours ago
they should make a .cve tld to make keeping track of these easier.
zbentleyabout 17 hours ago
https://www.cve.org/
reconappabout 19 hours ago
It's a bit of an overkill but then again, why not.
0xbadcafebeeabout 23 hours ago
I need to start some kind of public counter for major vulnerabilities that could have been prevented with a software building code. It's been ticking up a lot latey
burner4200421 day ago
Notably CVE-2026-48710 hasn't been added into cloud sec vuln catalogs quite yet. Since fastapi ~is starlette, expect the later half of this week / early next to be busy.
janci1 day ago
path-based auth middleware is a bad practice IMHO
acdhaabout 24 hours ago
I think there’s a solid argument for global auth middleware, where this is a problem if you use the path for exceptions like health-checks or a login endpoint.
andrewstuart1 day ago
Setting aside this issue, Starlette is a really great web server.

If you do async python I strongly recommend it.

FastAPI is built on Starlette - to be honest I don’t see the point of the extra baggage - just use Starlette.

0123456789ABCDE1 day ago
fastAPI will give you `/openapi.json`, `/docs` with no extra effort

function name becomes a human readable summary, string docs the description

edit: bottle.py and fastapi are the most significant contributions to web frameworks in python — decorators for path handlers, typed input/output, automatic docs

Muromec1 day ago
Is it like flask, but even flaskier?
0123456789ABCDEabout 23 hours ago
the lore: https://en.wikipedia.org/wiki/Flask_(web_framework)#History
andrewstuart1 day ago
Yes sir, more flaskatronic.
ylk2 days ago
The URL was meant to be https://badhost.org, the site accidentally still has the old canonical meta tag.
Advertisement