Vulnerability-Lookup

CVE-2022-35918 (GCVE-0-2022-35918)

Vulnerability from cvelistv5 – Published: 2022-08-01 21:25 – Updated: 2025-04-23 17:54

Title

Streamlit directory traversal vulnerability

Summary

Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/streamlit/streamlit/security/a…	x_refsource_CONFIRM
	https://github.com/streamlit/streamlit/commit/80d…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	streamlit	streamlit	Affected: >= 0.63.0, < 1.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:51:58.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:02:33.367518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:54:37.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "streamlit",
          "vendor": "streamlit",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.63.0, \u003c 1.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-12T14:20:09.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
        }
      ],
      "source": {
        "advisory": "GHSA-v4hr-4jpx-56gc",
        "discovery": "UNKNOWN"
      },
      "title": "Streamlit directory traversal vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-35918",
          "STATE": "PUBLIC",
          "TITLE": "Streamlit directory traversal vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "streamlit",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "",
                            "version_name": "",
                            "version_value": "\u003e= 0.63.0, \u003c 1.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "streamlit"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
              "refsource": "CONFIRM",
              "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
            },
            {
              "name": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
              "refsource": "MISC",
              "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-v4hr-4jpx-56gc",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-35918",
    "datePublished": "2022-08-01T21:25:10.000Z",
    "dateReserved": "2022-07-15T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:54:37.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T09:51:58.575Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-35918\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T14:02:33.367518Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T14:02:34.774Z\"}}], \"cna\": {\"title\": \"Streamlit directory traversal vulnerability\", \"source\": {\"advisory\": \"GHSA-v4hr-4jpx-56gc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"streamlit\", \"product\": \"streamlit\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.63.0, \u003c 1.11.1\"}]}], \"references\": [{\"url\": \"https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-08-12T14:20:09.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"GHSA-v4hr-4jpx-56gc\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"\u003e= 0.63.0, \u003c 1.11.1\", \"version_affected\": \"\"}]}, \"product_name\": \"streamlit\"}]}, \"vendor_name\": \"streamlit\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc\", \"name\": \"https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf\", \"name\": \"https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-35918\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Streamlit directory traversal vulnerability\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-35918\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T17:54:37.477Z\", \"dateReserved\": \"2022-07-15T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-08-01T21:25:10.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

PYSEC-2022-248

Vulnerability from pysec - Published: 2022-08-01 22:15 - Updated: 2022-08-10 17:01

Details

Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.

Impacted products

Name	purl
streamlit	pkg:pypi/streamlit

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit",
        "purl": "pkg:pypi/streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "80d9979d5f4a00217743d607078a1d867fad8acf"
            }
          ],
          "repo": "https://github.com/streamlit/streamlit",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0.63.0"
            },
            {
              "fixed": "1.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.63.0",
        "0.63.1",
        "0.64.0",
        "0.65.0",
        "0.65.1",
        "0.65.2",
        "0.66.0",
        "0.67.0",
        "0.67.1",
        "0.68.0",
        "0.68.1",
        "0.69.0",
        "0.69.1",
        "0.69.2",
        "0.70.0",
        "0.71.0",
        "0.72.0",
        "0.73.0",
        "0.73.1",
        "0.74.0",
        "0.74.1",
        "0.75.0",
        "0.76.0",
        "0.77.0",
        "0.78.0",
        "0.79.0",
        "0.80.0",
        "0.81.0",
        "0.81.1",
        "0.82.0",
        "0.83.0",
        "0.84.0",
        "0.84.1",
        "0.84.2",
        "0.85.0",
        "0.85.1",
        "0.86.0",
        "0.87.0",
        "0.88.0",
        "0.89.0",
        "1.0.0",
        "1.1.0",
        "1.10.0",
        "1.10.0rc1",
        "1.10.0rc2",
        "1.11.0",
        "1.11.0rc1",
        "1.11.1rc1",
        "1.2.0",
        "1.3.0",
        "1.3.1",
        "1.4.0",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.6.0rc3",
        "1.6.0rc4",
        "1.7.0",
        "1.8.0",
        "1.8.0rc1",
        "1.8.1",
        "1.8.1rc1",
        "1.9.0",
        "1.9.0rc1",
        "1.9.1",
        "1.9.1rc1",
        "1.9.1rc2",
        "1.9.2",
        "1.9.2rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35918",
    "GHSA-v4hr-4jpx-56gc"
  ],
  "details": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
  "id": "PYSEC-2022-248",
  "modified": "2022-08-10T17:01:37.061546Z",
  "published": "2022-08-01T22:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
    },
    {
      "type": "FIX",
      "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
    }
  ]
}

FKIE_CVE-2022-35918

Vulnerability from fkie_nvd - Published: 2022-08-01 22:15 - Updated: 2024-11-21 07:11

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc	Third Party Advisory

Impacted products

	Vendor	Product	Version
	snowflake	streamlit	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9D5D7A-3CEB-4445-B01C-7EDDB485E1B3",
              "versionEndExcluding": "1.11.1",
              "versionStartIncluding": "0.63.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
    },
    {
      "lang": "es",
      "value": "Streamlit es un marco de desarrollo de aplicaciones orientado a datos para python. Los usuarios que alojan aplicaciones Streamlit que usan componentes personalizados son vulnerables a un ataque de salto de directorio que podr\u00eda filtrar datos de su sistema de archivos del servidor web, como por ejemplo: registros del servidor, archivos legibles a nivel mundial y, potencialmente, otra informaci\u00f3n confidencial. Un atacante puede dise\u00f1ar una URL maliciosa con rutas de archivos y el servidor streamlit procesar\u00eda esa URL y devolver\u00eda el contenido de ese archivo o sobrescribir\u00eda los archivos existentes en el servidor web. Este problema ha sido resuelto en versi\u00f3n 1.11.1. Se recomienda a los usuarios que actualicen. No hay soluciones alternativas conocidas para este problema."
    }
  ],
  "id": "CVE-2022-35918",
  "lastModified": "2024-11-21T07:11:57.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-01T22:15:10.223",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V4HR-4JPX-56GC

Vulnerability from github – Published: 2022-08-06 05:51 – Updated: 2022-08-06 05:51

Summary

Streamlit directory traversal vulnerability

Details

Impact

Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information.

An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file.

Patches

On July 27th at 2:20PM PST we rolled out a patch in release 1.11.1. This patch ensures that any file operations are restricted only to the custom component directory and cannot traverse outside of that. We strongly recommend users upgrade to v1.11.1 as soon as possible. We have notified the Streamlit community and popular hosting providers about this issue so they can patch quickly. As a precautionary measure, we are also upgrading all users on Streamlit Cloud wherever possible. We continue to check other occurrences of this vulnerability and monitor potential exploits wherever we can.

Finally, as a general security practice, we recommend users review custom components for any malicious code before using them in their apps. Following security best practices such as running web servers with low privileges, firewalls, etc. for hosting your apps, helps in mitigating the severity of such exploits.

Workarounds

None.

References

https://docs.google.com/document/d/e/2PACX-1vRzF9K6gwv9KnQz---1pt0SdHMVt-CHuKMmdTH1uct7xPcK7vToP4FvYdI84aO6rGfCmrBSaViri0Nd/pub

For more information

If you have any questions or comments about this advisory: * Email us at security@streamlit.io

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.63.0"
            },
            {
              "fixed": "1.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-06T05:51:50Z",
    "nvd_published_at": "2022-08-01T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nUsers hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information.\n\nAn attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file.\n\n### Patches\nOn July 27th at 2:20PM PST we rolled out a patch in release 1.11.1. This patch ensures that any file operations are restricted only to the custom component directory and cannot traverse outside of that. We strongly recommend users upgrade to v1.11.1 as soon as possible. We have notified the Streamlit community and popular hosting providers about this issue so they can patch quickly. As a precautionary measure, we are also upgrading all users on Streamlit Cloud wherever possible. We continue to check other occurrences of this vulnerability and monitor potential exploits wherever we can.\n\nFinally, as a general security practice, we recommend users review custom components for any malicious code before using them in their apps. Following security best practices such as running web servers with low privileges, firewalls, etc. for hosting your apps, helps in mitigating the severity of such exploits.\n\n### Workarounds\nNone.\n\n### References\n* https://docs.google.com/document/d/e/2PACX-1vRzF9K6gwv9KnQz---1pt0SdHMVt-CHuKMmdTH1uct7xPcK7vToP4FvYdI84aO6rGfCmrBSaViri0Nd/pub\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@streamlit.io](mailto:security@streamlit.io)\n",
  "id": "GHSA-v4hr-4jpx-56gc",
  "modified": "2022-08-06T05:51:50Z",
  "published": "2022-08-06T05:51:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35918"
    },
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/streamlit/PYSEC-2022-248.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/streamlit/streamlit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Streamlit directory traversal vulnerability"
}

GSD-2022-35918

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-35918

Aliases

CVE-2022-35918

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-35918",
    "description": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
    "id": "GSD-2022-35918"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-35918"
      ],
      "details": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
      "id": "GSD-2022-35918",
      "modified": "2023-12-13T01:19:33.584309Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-35918",
        "STATE": "PUBLIC",
        "TITLE": "Streamlit directory traversal vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "streamlit",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "",
                          "version_name": "",
                          "version_value": "\u003e= 0.63.0, \u003c 1.11.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "streamlit"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
            "refsource": "CONFIRM",
            "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
          },
          {
            "name": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
            "refsource": "MISC",
            "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-v4hr-4jpx-56gc",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.63.0,\u003c1.11.1",
          "affected_versions": "All versions starting from 0.63.0 before 1.11.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-10-29",
          "description": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components is vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
          "fixed_versions": [
            "1.11.1"
          ],
          "identifier": "CVE-2022-35918",
          "identifiers": [
            "CVE-2022-35918",
            "GHSA-v4hr-4jpx-56gc"
          ],
          "not_impacted": "All versions before 0.63.0, all versions starting from 1.11.1",
          "package_slug": "pypi/streamlit",
          "pubdate": "2022-08-01",
          "solution": "Upgrade to version 1.11.1 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-35918",
            "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
            "https://github.com/advisories/GHSA-v4hr-4jpx-56gc"
          ],
          "uuid": "853fdc8c-649a-4c37-9885-a4dc5ed24ceb"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.1",
                "versionStartIncluding": "0.63.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-35918"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
            },
            {
              "name": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-29T02:53Z",
      "publishedDate": "2022-08-01T22:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-35918 (GCVE-0-2022-35918)

PYSEC-2022-248

FKIE_CVE-2022-35918

GHSA-V4HR-4JPX-56GC

Impact

Patches

Workarounds

References

For more information

GSD-2022-35918

Tags

Sightings

Nomenclature