Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/streamlit@1.3.0
Typepypi
Namespace
Namestreamlit
Version1.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.37.0
Latest_non_vulnerable_version1.37.0
Affected_by_vulnerabilities
0
url VCID-45nc-3ttz-hqcu
vulnerability_id VCID-45nc-3ttz-hqcu
summary Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.
references
0
reference_url https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3
1
reference_url https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5
fixed_packages
0
url pkg:pypi/streamlit@1.37.0
purl pkg:pypi/streamlit@1.37.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@1.37.0
aliases CVE-2024-42474, GHSA-rxff-vr5r-8cj5, PYSEC-2024-153
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45nc-3ttz-hqcu
1
url VCID-e2z5-m4r7-vyhb
vulnerability_id VCID-e2z5-m4r7-vyhb
summary Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf
reference_id
reference_type
scores
url https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf
1
reference_url https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc
reference_id
reference_type
scores
url https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc
fixed_packages
0
url pkg:pypi/streamlit@1.11.1
purl pkg:pypi/streamlit@1.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-45nc-3ttz-hqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@1.11.1
aliases CVE-2022-35918, GHSA-v4hr-4jpx-56gc, PYSEC-2022-248
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2z5-m4r7-vyhb
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@1.3.0