Home > Vulnerability Database > CVE-2024-42474

Mend.io Vulnerability Database

CVE-2024-42474

Good to know:

Date: August 12, 2024

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

Language: Python

Severity Score

6.5

Related Resources (5)

Url: https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-42474

Url: https://github.com/streamlit/streamlit

Url: https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5

Url: https://www.mend.io/vulnerability-database/CVE-2024-42474

Severity Score

6.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version streamlit - 1.37.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-42474

Good to know:

Date: August 12, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?