{"data":{"id":"bda515e4-35db-4d85-9c28-91370e017213","title":"CVE-2022-35918: Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custo","summary":"Streamlit, a Python framework for building data applications, has a directory traversal vulnerability (a flaw in which specially crafted file paths let an attacker reach files outside the directory the server is meant to serve) in versions before 1.11.1. It affects users hosting Streamlit apps that use custom components. An attacker could trick the Streamlit server into reading and returning sensitive files from the server's file system, such as logs or other confidential information.","solution":"Upgrade to Streamlit version 1.11.1 or later. The source explicitly states, 'This issue has been resolved in version 1.11.1. Users are advised to upgrade.' No workarounds are available.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35918","publishedAt":"2022-08-02T02:15:10.223Z","cveId":"CVE-2022-35918","cweIds":["CWE-22","CWE-22"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Streamlit"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01399,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}