Skip to content

Security: starlette CVE-2025-54121 appears reachable in BiliNote #411

Description

@hamizan-azman

Security: starlette CVE-2025-54121 appears reachable in BiliNote

Summary

During local dependency-impact validation, we observed behavior indicating that
JefferyHcool/BiliNote reaches code paths involving vulnerable starlette versions. Please review
whether the project currently pins or allows affected starlette releases, and upgrade or constrain
the dependency if needed.

Affected dependency

Advisories observed

Local validation notes

  • CVE-2025-54121, starlette 0.46.1: Local proof exercised the file upload path associated with Starlette multipart parsing.

Suggested fix

Please upgrade starlette to a version that includes the upstream security fixes for the advisories
above, or add a dependency constraint that prevents affected versions from being installed.

Disclosure note

We have not opened a public security issue elsewhere for these rows. If you prefer a private disclosure route, please point us to the right channel.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions