GHSA-rxff-vr5r-8cj5
Vulnerability from github
Published
2024-08-12 18:35
Modified
2024-11-26 18:52
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
6.0 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Path traveral in Streamlit on windows
Details

1. Impacted Products

Streamilt Open Source versions before 1.37.0.

2. Introduction

Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

3. Path Traversal Vulnerability

3.1 Description

On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of 5.9

3.2 Scenarios and attack vector(s)

Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit.

3.3 Resolution

The vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.

4. Contact

Please contact security@snowflake.com if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.37.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-12T18:35:12Z",
    "nvd_published_at": "2024-08-12T17:15:17Z",
    "severity": "MODERATE"
  },
  "details": "### 1. Impacted Products\nStreamilt Open Source versions before 1.37.0.\n\n### 2. Introduction\nSnowflake Streamlit open source addressed a security vulnerability via the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files). The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.\n\n### 3. Path Traversal Vulnerability \n#### 3.1 Description\nOn May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of [5.9](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)\n#### 3.2 Scenarios and attack vector(s)\nUsers of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files) is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. \n#### 3.3 Resolution\nThe vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.\n\n### 4. Contact\nPlease contact security@snowflake.com if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).\n",
  "id": "GHSA-rxff-vr5r-8cj5",
  "modified": "2024-11-26T18:52:17Z",
  "published": "2024-08-12T18:35:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42474"
    },
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/streamlit/PYSEC-2024-153.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/streamlit/streamlit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Path traveral in Streamlit on windows"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.