streamlit 0.58.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the streamlit package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Arbitrary File Upload streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Arbitrary File Upload in the `file_uploader.py` widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client. How to fix Arbitrary File Upload? Upgrade `streamlit` to version 1.43.2 or higher.	[,1.43.2)
M Path Traversal streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Path Traversal via the static file sharing feature. An attacker can leak the password hash of the Windows user running `Streamlit`. Note: The vulnerability only affects Windows. How to fix Path Traversal? Upgrade `streamlit` to version 1.37.0 or higher.	[,1.37.0)
M Improper Output Neutralization for Logs streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when the function `upload_file_request_handler.py` returns 400 error including the `session_id` value. How to fix Improper Output Neutralization for Logs? Upgrade `streamlit` to version 1.27.0 or higher.	[,1.27.0)

Vulnerability

Vulnerable Version

Arbitrary File Upload

streamlit is a The fastest way to build data apps in Python

Affected versions of this package are vulnerable to Arbitrary File Upload in the file_uploader.py widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client.

How to fix Arbitrary File Upload?

Upgrade streamlit to version 1.43.2 or higher.

[,1.43.2)

Path Traversal

streamlit is a The fastest way to build data apps in Python

Affected versions of this package are vulnerable to Path Traversal via the static file sharing feature. An attacker can leak the password hash of the Windows user running Streamlit.

Note: The vulnerability only affects Windows.

How to fix Path Traversal?

Upgrade streamlit to version 1.37.0 or higher.

[,1.37.0)

Improper Output Neutralization for Logs

streamlit is a The fastest way to build data apps in Python

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when the function upload_file_request_handler.py returns 400 error including the session_id value.

How to fix Improper Output Neutralization for Logs?

Upgrade streamlit to version 1.27.0 or higher.

[,1.27.0)

streamlit@0.58.0 vulnerabilities

A faster way to build and share data apps

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically