Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2024/01/12 5:35 p.m.43 views

Minor fix to previous patch for CVE-2022-35918

Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific condition...

6.5CVSS7AI score0.01292EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/06 5:51 a.m.4 views

alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)

streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:GHSA-V4HR-4JPX-56GC...

6.5CVSS6.5AI score0.01292EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/01 10:15 p.m.5 views

alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)

streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:PYSEC-2022-248...

6.5CVSS6.5AI score0.01292EPSS
Exploits0
CVE
CVE
added 2022/08/01 9:25 p.m.111 views

CVE-2022-35918

CVE-2022-35918 affects Streamlit’s Python apps using custom components, enabling a directory traversal that could leak server-file data (e.g., logs, world-readable files). The issue arises from how the streamlit server processes crafted URLs containing file paths. Public analyses consistently not...

6.5CVSS6.2AI score0.01292EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder