Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: perl540Packages.Starlet

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-40561

created 4 weeks, 1 day ago Activity log

Created suggestion 4 weeks, 1 day ago

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

References

Affected products

Starlet

=<0.31

Matching in nixpkgs

pkgs.xmlstarlet

Command line tool for manipulating and querying XML data

nixos-unstable 1.6.1
- nixpkgs-unstable 1.6.1
- nixos-unstable-small 1.6.1
nixos-25.11 1.6.1
- nixos-25.11-small 1.6.1
- nixpkgs-25.11-darwin 1.6.1

pkgs.perlPackages.Starlet

Simple, high-performance PSGI/Plack HTTP server

nixos-unstable 0.31
- nixpkgs-unstable 0.31
- nixos-unstable-small 0.31
nixos-25.11 0.31
- nixos-25.11-small 0.31
- nixpkgs-25.11-darwin 0.31

pkgs.perl5Packages.Starlet

Simple, high-performance PSGI/Plack HTTP server

nixos-unstable 0.31
- nixpkgs-unstable 0.31
- nixos-unstable-small 0.31

pkgs.perl538Packages.Starlet

Simple, high-performance PSGI/Plack HTTP server

nixos-25.11 0.31
- nixos-25.11-small 0.31
- nixpkgs-25.11-darwin 0.31

pkgs.perl540Packages.Starlet

Simple, high-performance PSGI/Plack HTTP server

nixos-25.11 0.31
- nixos-25.11-small 0.31
- nixpkgs-25.11-darwin 0.31

pkgs.python312Packages.starlette

Little ASGI framework that shines

nixos-25.11 0.47.2
- nixos-25.11-small 0.47.2
- nixpkgs-25.11-darwin 0.47.2

pkgs.python313Packages.starlette

Little ASGI framework that shines

nixos-unstable 0.52.1
- nixpkgs-unstable 0.52.1
- nixos-unstable-small 0.52.1
nixos-25.11 0.47.2
- nixos-25.11-small 0.47.2
- nixpkgs-25.11-darwin 0.47.2

pkgs.python314Packages.starlette

Little ASGI framework that shines

nixos-unstable 0.52.1
- nixpkgs-unstable 0.52.1
- nixos-unstable-small 0.52.1

pkgs.python312Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-25.11 3.0.3
- nixos-25.11-small 3.0.3
- nixpkgs-25.11-darwin 3.0.3

pkgs.python312Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-25.11 0.4.5
- nixos-25.11-small 0.4.5
- nixpkgs-25.11-darwin 0.4.5

pkgs.python313Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable 3.2.0
- nixpkgs-unstable 3.2.0
- nixos-unstable-small 3.2.0
nixos-25.11 3.0.3
- nixos-25.11-small 3.0.3
- nixpkgs-25.11-darwin 3.0.3

pkgs.python313Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5
nixos-25.11 0.4.5
- nixos-25.11-small 0.4.5
- nixpkgs-25.11-darwin 0.4.5

pkgs.python314Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable 3.2.0
- nixpkgs-unstable 3.2.0
- nixos-unstable-small 3.2.0

pkgs.python314Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.python312Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-25.11 0.15.1
- nixos-25.11-small 0.15.1
- nixpkgs-25.11-darwin 0.15.1

pkgs.python313Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable 0.16.0
- nixpkgs-unstable 0.16.0
- nixos-unstable-small 0.16.0
nixos-25.11 0.15.1
- nixos-25.11-small 0.15.1
- nixpkgs-25.11-darwin 0.15.1

pkgs.python314Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable 0.16.0
- nixpkgs-unstable 0.16.0
- nixos-unstable-small 0.16.0

pkgs.python312Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-25.11 0.4.0
- nixos-25.11-small 0.4.0
- nixpkgs-25.11-darwin 0.4.0

pkgs.python313Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1
nixos-25.11 0.4.0
- nixos-25.11-small 0.4.0
- nixpkgs-25.11-darwin 0.4.0

pkgs.python314Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1

pkgs.python312Packages.starlette-compress

Compression middleware for Starlette - supporting ZStd, Brotli, and GZip

nixos-25.11 1.6.1
- nixos-25.11-small 1.6.1
- nixpkgs-25.11-darwin 1.6.1

pkgs.python313Packages.starlette-compress

Compression middleware for Starlette - supporting ZStd, Brotli, and GZip

nixos-unstable 1.6.1
- nixpkgs-unstable 1.6.1
- nixos-unstable-small 1.6.1
nixos-25.11 1.6.1
- nixos-25.11-small 1.6.1
- nixpkgs-25.11-darwin 1.6.1

pkgs.python314Packages.starlette-compress

Compression middleware for Starlette - supporting ZStd, Brotli, and GZip

nixos-unstable 1.6.1
- nixpkgs-unstable 1.6.1
- nixos-unstable-small 1.6.1

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@wd15 Daniel Wheeler <daniel.wheeler2@gmail.com>
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
@Zaczero Kamil Monicz <kamil@monicz.dev>
@wrvsrx wrvsrx <wrvsrx@outlook.com>
@yuyuyureka Yureka <yuka@yuka.dev>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@johannwagner Johann Wagner <nix@wagner.digital>

1