4 matches found
Minor fix to previous patch for CVE-2022-35918
Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific condition...
alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)
streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:GHSA-V4HR-4JPX-56GC...
alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)
streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:PYSEC-2022-248...
CVE-2022-35918
CVE-2022-35918 affects Streamlit’s Python apps using custom components, enabling a directory traversal that could leak server-file data (e.g., logs, world-readable files). The issue arises from how the streamlit server processes crafted URLs containing file paths. Public analyses consistently not...