CVE-2022-35918
Directory Traversal vulnerability in streamlit (PyPI)


What is CVE-2022-35918 About?

This vulnerability affects Streamlit apps that use custom components, making them susceptible to a directory traversal attack. An attacker can craft a malicious URL that leaks data from the web server's file system, including sensitive files. Exploitation is relatively easy, since it only requires a malformed URL path.

Affected Software

  • streamlit
    • <80d9979d5f4a00217743d607078a1d867fad8acf
    • >0.63.0, <1.11.1

Technical Details

Streamlit apps that use custom components are vulnerable to a directory traversal attack. An attacker can craft a malicious URL containing 'dot-dot-slash' (../) sequences or similar path-manipulation techniques. The URL targets the endpoint intended to serve resources from the sanctioned custom-component directory, but the Streamlit server fails to properly sanitize the path before using it. The crafted URL can therefore traverse outside the custom-component directory and reach other files on the web server's file system, so the server returns the contents of arbitrary files, potentially exposing sensitive information such as server logs, configuration files, and other world-readable data.
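The containment check that the description says was missing, written here as an added illustration (this is not Streamlit's code or the upstream fix): the request path is decoded and resolved, then proven to stay under the component directory; the same check doubles as a detection rule over web-server access logs. The component root, the URL prefix and the log lines are constructed assumptions.

```python
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Assumed directory from which a server serves custom-component assets (illustrative).
COMPONENT_ROOT = "/srv/app/components"

def resolve_component_path(root: str, requested: str):
    """Map a URL path segment onto a file under `root`.

    Returns the absolute Path if it stays inside `root`, otherwise None.
    A bare os.path.join() would honour '..' segments and hand back a path
    outside the component directory; here we decode, normalise, resolve,
    and then prove containment with relative_to().
    """
    decoded = unquote(requested)                    # %2e%2e -> ..
    if "\x00" in decoded:                           # NUL bytes can truncate paths lower down
        return None
    decoded = decoded.replace("\\", "/")            # treat backslash as a separator too
    if decoded.startswith("/"):                     # absolute paths are never legitimate here
        return None
    base = Path(root).resolve()
    candidate = (base / decoded).resolve()          # collapses '.' and '..' (and symlinks)
    try:
        candidate.relative_to(base)                 # raises ValueError when outside base
    except ValueError:
        return None
    return candidate

def flag_traversal_requests(log_lines, root=COMPONENT_ROOT, prefix="/component/"):
    """Detection helper: return (line, decoded_relative_path) for every request
    whose component path would have escaped `root`. Expects constructed
    common-log-style lines: 'CLIENT - - [ts] "GET /path HTTP/1.1" status'."""
    flagged = []
    for line in log_lines:
        try:
            url = line.split('"')[1].split()[1]
        except IndexError:
            continue                                # not a request line we understand
        path = urlsplit(url).path
        if not path.startswith(prefix):
            continue
        rel = path[len(prefix):]
        if resolve_component_path(root, rel) is None:
            flagged.append((line, unquote(rel)))
    return flagged

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jul/2022:10:01:02 +0000] "GET /component/my_component/index.js HTTP/1.1" 200',
    '203.0.113.7 - - [20/Jul/2022:10:01:09 +0000] "GET /component/my_component/../../../app/config.toml HTTP/1.1" 200',
    '203.0.113.7 - - [20/Jul/2022:10:01:11 +0000] "GET /component/%2e%2e/%2e%2e/app.log HTTP/1.1" 200',
]
```

Running `flag_traversal_requests(SAMPLE_LOG)` reports the second and third lines; a 200 status on such a request is the signal that the server served content from outside the component directory.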

What is the Impact of CVE-2022-35918?

Successful exploitation may allow attackers to read arbitrary files on the web server's file system, leading to information disclosure of sensitive data such as server logs, configuration files, and other private information.

What is the Exploitability of CVE-2022-35918?

Exploitation is of low complexity, as it primarily involves an attacker crafting a specific URL with traversal sequences. No authentication is required, and the vulnerability is remotely reachable directly via a malicious URL. The primary prerequisite is a Streamlit application deployed with custom components. Risk is significantly higher for Streamlit apps that are publicly accessible and use custom components sourced from untrusted or less scrutinized origins, since the vulnerability directly allows unauthenticated file access.

What are the Known Public Exploits?

No known public exploits (PoC, author, link, commentary: none listed).

What are the Available Fixes for CVE-2022-35918?

Available Upgrade Options

  • streamlit
    • <80d9979d5f4a00217743d607078a1d867fad8acf → Upgrade to 80d9979d5f4a00217743d607078a1d867fad8acf
  • streamlit
    • >0.63.0, <1.11.1 → Upgrade to 1.11.1


Additional Resources

What are Similar Vulnerabilities to CVE-2022-35918?

Similar Vulnerabilities: CVE-2021-4122, CVE-2021-38604, CVE-2020-5290, CVE-2019-16781, CVE-2018-1000860