1 Matching Annotations
  1. May 2026
    1. The crux of the vulnerability is that Starlette accepts invalid host header values that cause authenticating apps that use Starlette's request.url object to approve unauthorized access requests.

      大多数人认为复杂的AI系统漏洞需要复杂的攻击手段,但作者认为这个漏洞仅通过修改HTTP主机头就能实现,这挑战了'高级系统需要高级攻击'的直觉认知,展示了简单输入验证错误可能导致灾难性后果的反直觉案例。