3 matches found
augbuilder (>=0.0.2 <=0.0.3), hlm-texts (=0.1.2) +15 more potentially affected by CVE-2023-27494 via streamlit (>=0.63.1 <=0.80.0)
streamlit PYPI version =0.63.1, =0.0.2, =0.0.2, =0.0.1, =0.1.6, =0.32.0, =0.10.8, =2.4.30, =0.1.0, =0.0.0, =0.1.0, =0.2.0 - streamlit-prophet =1.0.0 and more Source cves: CVE-2023-27494 Source advisory: OSV:GHSA-9C6G-QPGJ-RVXW...
augbuilder (>=0.0.2 <=0.0.3), hlm-texts (=0.1.2) +15 more potentially affected by CVE-2023-27494 via streamlit (>=0.63.1 <=0.80.0)
streamlit PYPI version =0.63.1, =0.0.2, =0.0.2, =0.0.1, =0.1.6, =0.32.0, =0.10.8, =2.4.30, =0.1.0, =0.0.0, =0.1.0, =0.2.0 - streamlit-prophet =1.0.0 and more Source cves: CVE-2023-27494 Source advisory: OSV:PYSEC-2023-50...
CVE-2023-27494
CVE-2023-27494 describes a reflected XSS in Streamlit open-source library for hosted apps, affecting versions 0.63.0–0.80.0. The vulnerability allowed an attacker to craft a malicious URL containing JavaScript payloads, which the server could render unescaped, enabling XSS. The issue was addresse...