LOW

GHSA-8qw9-gf7w-42x5

Minor fix to previous patch for CVE-2022-35918

Details

### Impact

The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions.

### Patches

We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security.

### Workarounds

No additional workarounds are necessary once the update to version 1.30.0 is applied.

### For more information

If you have any questions or comments about this advisory:

* Email us at [security@streamlit.io](mailto:security@streamlit.io)


Affected packages

PyPI / streamlit
First affected version: 0.63.0; fixed version: 1.30.0
Fix: pip install --upgrade 'streamlit>=1.30.0'
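To find projects still inside the affected range, the added example below (not code from the advisory or from Streamlit) scans requirements-file lines for `streamlit` and classifies each constraint against the two version bounds listed above. The function names, verdict strings and the sample requirements text are assumptions constructed for illustration.

```python
import re

FIRST_AFFECTED = (0, 63, 0)  # "first affected version" on this page
FIXED = (1, 30, 0)           # "fixed version" on this page

# Requirement line for streamlit itself (not streamlit-extras etc.).
REQ = re.compile(r"^\s*streamlit(?![\w.-])\s*(\[[^\]]*\])?\s*([^;#]*)", re.I)
SPEC = re.compile(r"(==|>=|~=|>|<=|<|!=)\s*([0-9]+(?:\.[0-9]+)*)(\.\*)?")

def parse(version):
    """Dotted release -> 3-tuple of ints (pre/post/dev tags are not handled)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def classify(line):
    """Verdict for one requirements line, or None if it does not name streamlit."""
    m = REQ.match(line)
    if not m:
        return None
    specs = SPEC.findall(m.group(2))
    pins = [parse(v) for op, v, wild in specs if op == "==" and not wild]
    # Lower bounds; "==1.29.*" is treated as a floor, upper bounds are ignored.
    floors = [parse(v) for op, v, wild in specs
              if op in (">=", "~=", ">") or (op == "==" and wild)]
    if pins:
        if pins[0] >= FIXED:
            return "fixed"
        return "affected" if pins[0] >= FIRST_AFFECTED else "below first affected"
    if floors and max(floors) >= FIXED:
        return "fixed"
    return "needs review"  # constraint does not exclude the affected range

def scan(text):
    """Map each streamlit requirement line in text to its verdict."""
    found = {}
    for raw in text.splitlines():
        verdict = classify(raw)
        if verdict:
            found[raw.strip()] = verdict
    return found

# Constructed sample requirements file, not taken from the advisory.
SAMPLE = """\
pandas==2.1.0
streamlit==1.11.1
streamlit>=1.20,<2
streamlit>=1.30.0 ; python_version > "3.8"
streamlit-extras==0.3.0
"""

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE).items():
        print(f"{verdict:22}{line}")
```

A "needs review" verdict means the constraint leaves the resolver free to pick a version in the affected range, so the lock file or installed version decides the outcome.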
