During a security audit of vLLM managed by OSTIF.org, a bug was discovered through manual analysis by a senior security expert at X41 D-Sec.
A lack of input sanitization on host header paths in Starlette allows authentication to be bypassed with a single character, affecting a huge swath of Python LLM infrastructure.
Update to Starlette 1.0.1 as soon as possible, and read more about this vulnerability at https://badhost.org
