litestar
python · litestar · Heads-up
litestar AllowedHostsMiddleware trusts X-Forwarded-Host when Host header missing
AllowedHostsMiddleware trusts the X-Forwarded-Host header when the Host header is absent, allowing bypass of host validation.
11 Jun 2026 · schedule it
python · litestar · Critical
litestar: CSRF cookie XSS via unsafe template pattern
Litestar instances using templates with CSRF protection are vulnerable to HTML injection leading to XSS because the CSRF cookie co
11 Jun 2026 · act now