streamlit@1.9.0 vulnerabilities

A faster way to build and share data apps

Direct Vulnerabilities

Known vulnerabilities in the streamlit package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Directory Traversal

streamlit is a The fastest way to build data apps in Python

Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of user-supplied input in custom components. An attacker can access sensitive files on the server by manipulating input to traverse directories. This is a case left over from the fix for CVE-2022-35918 in version 1.11.1.

How to fix Directory Traversal?

Upgrade streamlit to version 1.30.0 or higher.

[0.63.0,1.30.0)
  • M
Improper Output Neutralization for Logs

streamlit is a The fastest way to build data apps in Python

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when the function upload_file_request_handler.py returns 400 error including the session_id value.

How to fix Improper Output Neutralization for Logs?

Upgrade streamlit to version 1.27.0 or higher.

[,1.27.0)
  • M
Directory Traversal

streamlit is a The fastest way to build data apps in Python

Affected versions of this package are vulnerable to Directory Traversal in the ComponentRequestHandler class in components/v1/components.py that can reveal data from the web server including server logs and world-readable files that are not intended to be accessible outside the custom component, when processing a crafted URL.

How to fix Directory Traversal?

Upgrade streamlit to version 1.11.1 or higher.

[0.63.0,1.11.1)