Information security
fromArs Technica
9 hours agoMillions of AI agents imperiled by critical vulnerability in open source package
BadHost in Starlette enables trivial HTTP Host header injection to bypass path-based authorization, exposing AI tooling servers and stored third-party credentials.