GHSA-8qw9-gf7w-42x5

Source
https://github.com/advisories/GHSA-8qw9-gf7w-42x5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-8qw9-gf7w-42x5/GHSA-8qw9-gf7w-42x5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8qw9-gf7w-42x5
Published
2024-01-12T17:35:21Z
Modified
2024-12-04T05:41:16.494613Z
Summary
Minor fix to previous patch for CVE-2022-35918
Details

Impact

The original vulnerability in Streamlit apps using custom components, a directory traversal in the handler that serves component files, was addressed in version 1.11.1. That patch was incomplete: under specific conditions it could still expose certain files on the server's file system.
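
A worked illustration of the class of check involved, added here as an example and not taken from Streamlit's source: a server that maps a requested component asset onto a directory on disk must confirm that the resolved path stays inside that directory. The naive form below compares path strings by prefix; the hardened form canonicalises both sides with os.path.realpath and requires the root to be an ancestor by path components. The sandbox directory names, file contents and the two residual weaknesses exercised (a sibling directory whose name shares the root as a string prefix, and a symlink inside the root pointing outside it) are constructed for this example; the advisory does not state which specific condition remained in Streamlit after 1.11.1.

```python
import os
import tempfile
from pathlib import Path


def resolve_naive(root: str, requested: str):
    """Weak containment check: normalise the joined path and accept it when
    the resulting string starts with the root string. Shown as the 'before'
    form only; do not use this in a server."""
    root_abs = os.path.abspath(root)
    target = os.path.abspath(os.path.join(root_abs, requested))
    if not target.startswith(root_abs):
        return None
    return target


def resolve_safe(root: str, requested: str):
    """Hardened containment check: canonicalise both sides (symlinks
    included) and require root to be a path-component ancestor of target,
    not merely a string prefix. Returns the real path or None if rejected."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, requested))
    try:
        if os.path.commonpath([root_real, target]) != root_real:
            return None
    except ValueError:
        # Raised when the two paths are on different drives (Windows).
        return None
    return target


def demo():
    """Build a constructed sandbox (hypothetical names, not Streamlit's layout)
    and run a few requests through both checks. Returns a dict mapping case
    name to (naive_accepted, safe_accepted)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        comp = base / "components" / "my_component"
        comp.mkdir(parents=True)
        (comp / "index.html").write_text("<html>ok</html>")

        # Sibling directory whose name has the component root as a prefix.
        sibling = base / "components" / "my_component_private"
        sibling.mkdir()
        (sibling / "secret.txt").write_text("secret")

        # File outside the component tree, and a symlink to it from inside.
        (base / "outside.txt").write_text("outside")
        have_symlink = True
        try:
            (comp / "link").symlink_to(base / "outside.txt")
        except OSError:
            have_symlink = False  # platform without symlink support

        cases = {
            "legit": "index.html",
            "dotdot": "../../outside.txt",
            "sibling": "../my_component_private/secret.txt",
        }
        if have_symlink:
            cases["symlink"] = "link"

        results = {}
        for name, req in cases.items():
            results[name] = (
                resolve_naive(str(comp), req) is not None,
                resolve_safe(str(comp), req) is not None,
            )
        return results


if __name__ == "__main__":
    for case, (naive_ok, safe_ok) in demo().items():
        print(f"{case:8s} naive={'accept' if naive_ok else 'reject':6s} "
              f"safe={'accept' if safe_ok else 'reject'}")
```

Both checks reject the plain `../../` escape; the prefix check still accepts the sibling-directory and symlink requests because the string comparison says nothing about directory boundaries or link targets. When reviewing any file-serving handler, look for exactly these two cases in its tests.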

Patches

Version 1.30.0 completes the fix. Users are strongly advised to update to version 1.30.0 or later.

Workarounds

There is no workaround other than updating; none is needed once version 1.30.0 is applied.

For more information

If you have any questions or comments about this advisory:

* Email us at security@streamlit.io

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T17:35:21Z"
}
References

Affected packages

PyPI / streamlit

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.63.0
Fixed
1.30.0

Affected versions

0.*

0.63.0
0.63.1
0.64.0
0.65.0
0.65.1
0.65.2
0.66.0
0.67.0
0.67.1
0.68.0
0.68.1
0.69.0
0.69.1
0.69.2
0.70.0
0.71.0
0.72.0
0.73.0
0.73.1
0.74.0
0.74.1
0.75.0
0.76.0
0.77.0
0.78.0
0.79.0
0.80.0
0.81.0
0.81.1
0.82.0
0.83.0
0.84.0
0.84.1
0.84.2
0.85.0
0.85.1
0.86.0
0.87.0
0.88.0
0.89.0

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.3.1
1.4.0
1.5.0
1.5.1
1.6.0rc3
1.6.0rc4
1.6.0
1.7.0
1.8.0rc1
1.8.0
1.8.1rc1
1.8.1
1.9.0rc1
1.9.0
1.9.1rc1
1.9.1rc2
1.9.1
1.9.2rc1
1.9.2
1.10.0rc1
1.10.0rc2
1.10.0
1.11.0rc1
1.11.0
1.11.1rc1
1.11.1
1.12.0rc1
1.12.0rc2
1.12.0
1.12.1rc1
1.12.1
1.12.2rc1
1.12.2rc2
1.12.2
1.13.0rc1
1.13.0rc2
1.13.0
1.14.0rc1
1.14.0
1.14.1rc1
1.14.1
1.15.0
1.15.1
1.15.2rc1
1.15.2
1.16.0
1.17.0
1.18.0
1.18.1rc1
1.18.1
1.19.0
1.20.0
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.24.1
1.25.0
1.26.0
1.26.1
1.27.0
1.27.1
1.27.2
1.28.0
1.28.1
1.28.2
1.29.0