From 59b8a596ede81abf7dc49a0a911951e0f920b896 Mon Sep 17 00:00:00 2001
From: aipcc-bot <aipcc-bot@redhat.com>
Date: Wed, 27 May 2026 23:41:30 +0000
Subject: [PATCH] RHOAIENG-64887: CVE-2026-48710 starlette security restriction
 bypass via malformed HTTP Host header

Add starlette>=1.0.1 floor constraint to cve-constraints.txt.
All images already resolve starlette 1.1.0 which satisfies the fix;
this constraint prevents future downgrades below the patched version.
---
 dependencies/cve-constraints.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dependencies/cve-constraints.txt b/dependencies/cve-constraints.txt
index c2cf51e85e..20b5334d26 100644
--- a/dependencies/cve-constraints.txt
+++ b/dependencies/cve-constraints.txt
@@ -22,5 +22,5 @@ pillow>=12.2.0
 jupyterlab>=4.5.7
 # RHAIENG-3644: CVE-2026-0846 NLTK: Arbitrary file read via improper path validation in `filestring()` function
 nltk>=3.9.3
-# RHAIENG-5355: CVE-2026-48710 Starlette: Security restriction bypass via malformed HTTP Host header
+# RHAIENG-5355, RHOAIENG-64887: CVE-2026-48710 Starlette: Security restriction bypass via malformed HTTP Host header
 starlette>=1.0.1