cvelistv5 - CVE-2022-35918

URL	Tags
security-advisories@github.com	https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc	Third Party Advisory

ghsa-v4hr-4jpx-56gc

Vulnerability from github

Published

2022-08-06 05:51

Modified

2022-08-06 05:51

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Streamlit directory traversal vulnerability

Details

Impact

Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information.

An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file.

Patches

On July 27th at 2:20PM PST we rolled out a patch in release 1.11.1. This patch ensures that any file operations are restricted only to the custom component directory and cannot traverse outside of that. We strongly recommend users upgrade to v1.11.1 as soon as possible. We have notified the Streamlit community and popular hosting providers about this issue so they can patch quickly. As a precautionary measure, we are also upgrading all users on Streamlit Cloud wherever possible. We continue to check other occurrences of this vulnerability and monitor potential exploits wherever we can.

Finally, as a general security practice, we recommend users review custom components for any malicious code before using them in their apps. Following security best practices such as running web servers with low privileges, firewalls, etc. for hosting your apps, helps in mitigating the severity of such exploits.

Workarounds

None.

References

https://docs.google.com/document/d/e/2PACX-1vRzF9K6gwv9KnQz---1pt0SdHMVt-CHuKMmdTH1uct7xPcK7vToP4FvYdI84aO6rGfCmrBSaViri0Nd/pub

For more information

If you have any questions or comments about this advisory: * Email us at security@streamlit.io

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.63.0"
            },
            {
              "fixed": "1.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-06T05:51:50Z",
    "nvd_published_at": "2022-08-01T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nUsers hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information.\n\nAn attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file.\n\n### Patches\nOn July 27th at 2:20PM PST we rolled out a patch in release 1.11.1. This patch ensures that any file operations are restricted only to the custom component directory and cannot traverse outside of that. We strongly recommend users upgrade to v1.11.1 as soon as possible. We have notified the Streamlit community and popular hosting providers about this issue so they can patch quickly. As a precautionary measure, we are also upgrading all users on Streamlit Cloud wherever possible. We continue to check other occurrences of this vulnerability and monitor potential exploits wherever we can.\n\nFinally, as a general security practice, we recommend users review custom components for any malicious code before using them in their apps. Following security best practices such as running web servers with low privileges, firewalls, etc. for hosting your apps, helps in mitigating the severity of such exploits.\n\n### Workarounds\nNone.\n\n### References\n* https://docs.google.com/document/d/e/2PACX-1vRzF9K6gwv9KnQz---1pt0SdHMVt-CHuKMmdTH1uct7xPcK7vToP4FvYdI84aO6rGfCmrBSaViri0Nd/pub\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@streamlit.io](mailto:security@streamlit.io)\n",
  "id": "GHSA-v4hr-4jpx-56gc",
  "modified": "2022-08-06T05:51:50Z",
  "published": "2022-08-06T05:51:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35918"
    },
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/streamlit/PYSEC-2022-248.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/streamlit/streamlit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Streamlit directory traversal vulnerability"
}

gsd-2022-35918

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.

Aliases

CVE-2022-35918

Aliases

CVE-2022-35918

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-35918",
    "description": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
    "id": "GSD-2022-35918"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-35918"
      ],
      "details": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
      "id": "GSD-2022-35918",
      "modified": "2023-12-13T01:19:33.584309Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-35918",
        "STATE": "PUBLIC",
        "TITLE": "Streamlit directory traversal vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "streamlit",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "",
                          "version_name": "",
                          "version_value": "\u003e= 0.63.0, \u003c 1.11.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "streamlit"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
            "refsource": "CONFIRM",
            "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
          },
          {
            "name": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
            "refsource": "MISC",
            "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-v4hr-4jpx-56gc",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.63.0,\u003c1.11.1",
          "affected_versions": "All versions starting from 0.63.0 before 1.11.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-10-29",
          "description": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components is vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
          "fixed_versions": [
            "1.11.1"
          ],
          "identifier": "CVE-2022-35918",
          "identifiers": [
            "CVE-2022-35918",
            "GHSA-v4hr-4jpx-56gc"
          ],
          "not_impacted": "All versions before 0.63.0, all versions starting from 1.11.1",
          "package_slug": "pypi/streamlit",
          "pubdate": "2022-08-01",
          "solution": "Upgrade to version 1.11.1 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-35918",
            "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
            "https://github.com/advisories/GHSA-v4hr-4jpx-56gc"
          ],
          "uuid": "853fdc8c-649a-4c37-9885-a4dc5ed24ceb"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.1",
                "versionStartIncluding": "0.63.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-35918"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
            },
            {
              "name": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-29T02:53Z",
      "publishedDate": "2022-08-01T22:15Z"
    }
  }
}

pysec-2022-248

Vulnerability from pysec

Published

2022-08-01 22:15

Modified

2022-08-10 17:01

Details

Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit",
        "purl": "pkg:pypi/streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "80d9979d5f4a00217743d607078a1d867fad8acf"
            }
          ],
          "repo": "https://github.com/streamlit/streamlit",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0.63.0"
            },
            {
              "fixed": "1.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.63.0",
        "0.63.1",
        "0.64.0",
        "0.65.0",
        "0.65.1",
        "0.65.2",
        "0.66.0",
        "0.67.0",
        "0.67.1",
        "0.68.0",
        "0.68.1",
        "0.69.0",
        "0.69.1",
        "0.69.2",
        "0.70.0",
        "0.71.0",
        "0.72.0",
        "0.73.0",
        "0.73.1",
        "0.74.0",
        "0.74.1",
        "0.75.0",
        "0.76.0",
        "0.77.0",
        "0.78.0",
        "0.79.0",
        "0.80.0",
        "0.81.0",
        "0.81.1",
        "0.82.0",
        "0.83.0",
        "0.84.0",
        "0.84.1",
        "0.84.2",
        "0.85.0",
        "0.85.1",
        "0.86.0",
        "0.87.0",
        "0.88.0",
        "0.89.0",
        "1.0.0",
        "1.1.0",
        "1.10.0",
        "1.10.0rc1",
        "1.10.0rc2",
        "1.11.0",
        "1.11.0rc1",
        "1.11.1rc1",
        "1.2.0",
        "1.3.0",
        "1.3.1",
        "1.4.0",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.6.0rc3",
        "1.6.0rc4",
        "1.7.0",
        "1.8.0",
        "1.8.0rc1",
        "1.8.1",
        "1.8.1rc1",
        "1.9.0",
        "1.9.0rc1",
        "1.9.1",
        "1.9.1rc1",
        "1.9.1rc2",
        "1.9.2",
        "1.9.2rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35918",
    "GHSA-v4hr-4jpx-56gc"
  ],
  "details": "Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.",
  "id": "PYSEC-2022-248",
  "modified": "2022-08-10T17:01:37.061546Z",
  "published": "2022-08-01T22:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc"
    },
    {
      "type": "FIX",
      "url": "https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf"
    }
  ]
}

CVE-2022-35918

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2022-35918

Vulnerability from cvelistv5

ghsa-v4hr-4jpx-56gc

Vulnerability from github

Impact

Patches

Workarounds

References

For more information

gsd-2022-35918

Vulnerability from gsd

pysec-2022-248

Vulnerability from pysec

Tags

Sightings

Nomenclature