169 matches found
augbuilder (>=0.0.2 <=0.0.3), hlm-texts (=0.1.2) +15 more potentially affected by CVE-2023-27494 via streamlit (>=0.63.1 <=0.80.0)
streamlit PYPI version =0.63.1, =0.0.2, =0.0.2, =0.0.1, =0.1.6, =0.32.0, =0.10.8, =2.4.30, =0.1.0, =0.0.0, =0.1.0, =0.2.0 - streamlit-prophet =1.0.0 and more Source cves: CVE-2023-27494 Source advisory: OSV:GHSA-9C6G-QPGJ-RVXW...
GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability
Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...
Streamlit publishes previously-patched Cross-site Scripting vulnerability
Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...
CVE-2023-27494
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
augbuilder (>=0.0.2 <=0.0.3), hlm-texts (=0.1.2) +15 more potentially affected by CVE-2023-27494 via streamlit (>=0.63.1 <=0.80.0)
streamlit PYPI version =0.63.1, =0.0.2, =0.0.2, =0.0.1, =0.1.6, =0.32.0, =0.10.8, =2.4.30, =0.1.0, =0.0.0, =0.1.0, =0.2.0 - streamlit-prophet =1.0.0 and more Source cves: CVE-2023-27494 Source advisory: OSV:PYSEC-2023-50...
Cross site scripting
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
PYSEC-2023-50
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
PYSEC-2023-50
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
CVE-2023-27494 Streamlit Cross-site Scripting vulnerability
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
CVE-2023-27494
CVE-2023-27494 describes a reflected XSS in Streamlit open-source library for hosted apps, affecting versions 0.63.0–0.80.0. The vulnerability allowed an attacker to craft a malicious URL containing JavaScript payloads, which the server could render unescaped, enabling XSS. The issue was addresse...
CVE-2023-27494 Streamlit Cross-site Scripting vulnerability
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
CVE-2023-27494 Streamlit Cross-site Scripting vulnerability
Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...
Streamlit 跨站脚本漏洞
Streamlit is Streamlit open source a data-oriented Python application development framework . Streamlit version 0.81.0 before the cross-site scripting vulnerability , the vulnerability stems from the existence of reflective cross-site scripting XSS vulnerability , an attacker can use this...
PT-2023-21169 · Streamlit · Streamlit
Name of the Vulnerable Software and Affected Versions: Streamlit versions 0.63.0 through 0.80.0 Description: The issue is a cross-site scripting XSS vulnerability that affects users of hosted Streamlit apps. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app,...
alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)
streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:GHSA-V4HR-4JPX-56GC...
Streamlit directory traversal vulnerability
Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...
GHSA-V4HR-4JPX-56GC Streamlit directory traversal vulnerability
Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...
Path Traversal
streamlit is vulnerable to path traversal. The vulnerability exists in get function in ComponentRequestHandler due to improper handling of component requests outside the root directory which allows an attacker to access and overwrite the files by sending a malicious URL with file paths...
CVE-2022-35918
Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...
Directory traversal
Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...