5 matches found
CVE-2022-35918
CVE-2022-35918 affects Streamlit’s Python apps using custom components, enabling a directory traversal that could leak server-file data (e.g., logs, world-readable files). The issue arises from how the streamlit server processes crafted URLs containing file paths. Public analyses consistently not...
CVE-2023-27494
CVE-2023-27494 describes a reflected XSS in the Streamlit open-source library for hosted apps, affecting versions 0.63.0–0.80.0. The vulnerability allowed an attacker to craft a malicious URL containing JavaScript payloads, which the server could render unescaped, enabling XSS. The issue was addresse...
CVE-2024-42474
CVE-2024-42474 affects Streamlit Open Source on Windows via the static file sharing feature, enabling path traversal that could leak the Windows user’s password hash. The issue was identified in Streamlit and patched in version 1.37.0 (released around July 25, 2024). Evidence in connected sources...
CVE-2026-10804
CVE-2026-10804 affects Streamlit up to 1.53.0, targeting an unknown function in the Palette Handler’s hashing.py (lib/streamlit/runtime/caching/hashing.py). The issue allows use of a weak hash due to the described manipulation, with local access required and a high attack complexity. The exploita...
CVE-2026-33682
CVE-2026-33682 (Streamlit) affects Windows deployments of Streamlit Open Source up to version 1.53.x. The issue is an SSRF vulnerability caused by insufficient validation of attacker-controlled filesystem paths in component request handling (notably ComponentRequestHandler). On Windows, supplying...