Description
Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5
Scores
CVSS v3
6.5
EPSS
0.0165
EPSS Percentile
82.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
pypi/streamlit
0 - 1.37.0PyPI
snowflake/streamlit
< 1.37.0
Published
Aug 12, 2024
Tracked Since
Feb 18, 2026