CVE-2024-39903

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39903
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39903.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39903
Aliases
Related
Published
2024-07-12T15:15:11Z
Modified
2025-07-01T15:57:57.378395Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara in versions before 1.35.1 and was fixed in version 1.35.1. The vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.

References

Affected packages

Git / github.com/widgetti/solara

Affected ranges

Type
GIT
Repo
https://github.com/widgetti/solara
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

@widgetti/solara-vuetify-app@1.*

@widgetti/solara-vuetify-app@1.1.1

@widgetti/solara-vuetify-app@10.*

@widgetti/solara-vuetify-app@10.0.0
@widgetti/solara-vuetify-app@10.0.1
@widgetti/solara-vuetify-app@10.0.2
@widgetti/solara-vuetify-app@10.0.3

@widgetti/solara-vuetify-app@2.*

@widgetti/solara-vuetify-app@2.0.0
@widgetti/solara-vuetify-app@2.1.0

@widgetti/solara-vuetify-app@3.*

@widgetti/solara-vuetify-app@3.0.0
@widgetti/solara-vuetify-app@3.0.1

@widgetti/solara-vuetify-app@4.*

@widgetti/solara-vuetify-app@4.0.0

@widgetti/solara-vuetify-app@5.*

@widgetti/solara-vuetify-app@5.0.1
@widgetti/solara-vuetify-app@5.0.2

@widgetti/solara-vuetify-app@6.*

@widgetti/solara-vuetify-app@6.0.0
@widgetti/solara-vuetify-app@6.1.0

@widgetti/solara-vuetify-app@7.*

@widgetti/solara-vuetify-app@7.0.0

@widgetti/solara-vuetify-app@8.*

@widgetti/solara-vuetify-app@8.0.0

@widgetti/solara-vuetify-app@9.*

@widgetti/solara-vuetify-app@9.0.0

@widgetti/solara-vuetify3-app@1.*

@widgetti/solara-vuetify3-app@1.0.0
@widgetti/solara-vuetify3-app@1.1.0

@widgetti/solara-vuetify3-app@2.*

@widgetti/solara-vuetify3-app@2.0.0

@widgetti/solara-vuetify3-app@3.*

@widgetti/solara-vuetify3-app@3.0.0

@widgetti/solara-vuetify3-app@4.*

@widgetti/solara-vuetify3-app@4.0.0

@widgetti/solara-vuetify3-app@5.*

@widgetti/solara-vuetify3-app@5.0.0
@widgetti/solara-vuetify3-app@5.0.1
@widgetti/solara-vuetify3-app@5.0.2

v0.*

v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.1.0
v0.1.1
v0.1.2
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.11.0
v0.12.0
v0.12.1
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.19.0
v0.19.1
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.7.0
v0.8.0
v0.8.1
v0.9.0
v0.9.1

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.18.0
v1.19.0
v1.2.0
v1.2.1
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.27.0
v1.29.0
v1.29.1
v1.3.0
v1.30.0
v1.30.1
v1.31.0
v1.32.0
v1.32.1
v1.32.2
v1.33.0
v1.34.0
v1.34.1
v1.35.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.1