streamlit@1.3.0 vulnerabilities

The fastest way to build data apps in Python

Direct Vulnerabilities

Known vulnerabilities in the streamlit package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Directory Traversal (severity: M)

streamlit is the fastest way to build data apps in Python.

Affected versions of this package are vulnerable to Directory Traversal in the ComponentRequestHandler class in components/v1/components.py. When processing a crafted URL, the handler can reveal data from the web server, including server logs and world-readable files that are not intended to be accessible outside the custom component.

How to fix Directory Traversal?

Upgrade streamlit to version 1.11.1 or higher.

Vulnerable versions: [0.63.0,1.11.1)