mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2026-04-22 23:08:53 +02:00
33b2b5827a9ab19d6524a6c40629676d90c38a34
Upgrade fastmcp, aiohttp, cryptography, and anthropic to fix critical SSRF/path traversal, header injection, OAuth confused deputy, and DoS vulnerabilities.

<details>
<summary>✅ 16 CVEs resolved by this upgrade, including 2 critical 🚨 CVEs</summary>
<br>

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| [CVE-2026-32871](https://app.aikido.dev/issues/25944204/detail?groupId=70007#CVE-2026-32871) | 🚨 CRITICAL | [fastmcp] Path traversal vulnerability in URL construction allows attackers to bypass API prefix restrictions and access arbitrary backend endpoints using unencoded path parameters, enabling authenticated SSRF attacks. |
| [CVE-2026-27124](https://app.aikido.dev/issues/25944204/detail?groupId=70007#CVE-2026-27124) | HIGH | [fastmcp] OAuthProxy fails to validate user consent when receiving authorization codes from GitHub, allowing attackers to exploit GitHub's consent-skipping behavior to gain unauthorized access to FastMCP servers through a Confused Deputy attack. |
| [CVE-2025-64340](https://app.aikido.dev/issues/25944204/detail?groupId=70007#CVE-2025-64340) | MEDIUM | [fastmcp] Server names with shell metacharacters can cause command injection on Windows when passed to install commands, allowing arbitrary code execution through cmd.exe interpretation of .cmd wrapper files. |
| [CVE-2026-34520](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34520) | 🚨 CRITICAL | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4. |
| [CVE-2026-34516](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34516) | HIGH | [aiohttp] A response with an excessive number of multipart headers can consume more memory than intended, leading to a denial of service (DoS) vulnerability through resource exhaustion. |
| [CVE-2026-22815](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-22815) | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4. |
| [CVE-2026-34515](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34515) | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4. |
| [CVE-2026-34525](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34525) | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. |
| [CVE-2026-34513](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34513) | LOW | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4. |
| [CVE-2026-34514](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34514) | LOW | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. |
| [CVE-2026-34517](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34517) | LOW | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4. |
| [CVE-2026-34518](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34518) | LOW | [aiohttp] When following redirects to a different origin, the framework fails to drop the Cookie and Proxy-Authorization headers alongside the Authorization header, potentially leaking sensitive authentication credentials to untrusted domains. |
| [CVE-2026-34519](https://app.aikido.dev/issues/25944198/detail?groupId=70007#CVE-2026-34519) | LOW | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. |
| [CVE-2026-39892](https://app.aikido.dev/issues/25637201/detail?groupId=70007#CVE-2026-39892) | MEDIUM | [cryptography] Non-contiguous buffers passed to cryptographic APIs can cause buffer overflows, potentially leading to memory corruption and arbitrary code execution. |
| [CVE-2026-34452](https://app.aikido.dev/issues/25944200/detail?groupId=70007#CVE-2026-34452) | MEDIUM | [anthropic] A time-of-check-time-of-use (TOCTOU) vulnerability in the async filesystem memory tool allows local attackers to escape the sandbox directory via symlink manipulation, enabling arbitrary file read/write operations outside the intended memory directory. |
| [CVE-2026-34450](https://app.aikido.dev/issues/25944200/detail?groupId=70007#CVE-2026-34450) | MEDIUM | [anthropic] The local filesystem memory tool created world-readable and potentially world-writable files, allowing local attackers to read persisted agent state or modify memory files to influence model behavior. |

</details>

Co-authored-by: aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com>
[Aikido] Fix critical issue in axios via minor version upgrade from 1.13.6 to 1.15.0 in frontend (#6092)
Stirling PDF - The Open-Source PDF Platform
Stirling PDF is a powerful, open-source PDF editing platform. Run it as a personal desktop app, in the browser, or deploy it on your own servers with a private API. Edit, sign, redact, convert, and automate PDFs without sending documents to external services.
Key Capabilities
- Everywhere you work - Desktop client, browser UI, and self-hosted server with a private API.
- 50+ PDF tools - Edit, merge, split, sign, redact, convert, OCR, compress, and more.
- Automation & workflows - No-code pipelines directly in the UI, plus APIs to process millions of PDFs.
- Enterprise‑grade - SSO, auditing, and flexible on‑prem deployments.
- Developer platform - REST APIs available for nearly all tools to integrate into your existing systems.
- Global UI - Interface available in 40+ languages.
For a full feature list, see the docs: https://docs.stirlingpdf.com
Quick Start
docker run -p 8080:8080 docker.stirlingpdf.com/stirlingtools/stirling-pdf
Then open: http://localhost:8080
For full installation options (including desktop and Kubernetes), see our Documentation Guide.
Resources
Support
- Community Discord
- Bug Reports: GitHub issues
Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
For development setup, see the Developer Guide.
For adding translations, see the Translation Guide.
License
Stirling PDF is open-core. See LICENSE for details.