python311Packages.starlette: fix CVE-2024-47874
> Denial of service (DoS) via multipart/form-data

GHSA-f96h-pmfr-66vw
mweinelt committed Oct 24, 2024
1 parent e0933d7 commit aa3ba8d
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions pkgs/development/python-modules/starlette/default.nix
Expand Up @@ -2,6 +2,7 @@
lib,
buildPythonPackage,
fetchFromGitHub,
fetchpatch2,

# build-system
hatchling,
Expand Down Expand Up @@ -40,6 +41,15 @@ buildPythonPackage rec {
hash = "sha256-GiCN1sfhLu9i19d2OcLZrlY8E64DFrFh+ITRSvLaxdE=";
};

patches = [
(fetchpatch2 {
# https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
name = "CVE-2024-47874.patch";
url = "https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733.patch";
hash = "sha256-N/v0xBa6e40ZrdHfDa5mlHJhh5IyDdC/XdmTtKNOYP4=";
})
];

nativeBuildInputs = [ hatchling ];

propagatedBuildInputs = [ anyio ] ++ lib.optionals (pythonOlder "3.10") [ typing-extensions ];
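Review bot: the new `patches` entry links the advisory but gives no removal condition. Add a short comment next to `name = "CVE-2024-47874.patch";` saying the patch is to be dropped once the package is bumped to an upstream release that already contains commit fd038f3070c302bff17ef7d173dbb0b007617733, since a later version bump would otherwise try to apply a change the source already has. Pinning the fetched `.patch` URL with `hash` is the right call and needs no change.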