CVE-2024-39903
CVSS V2 None
CVSS V3 None
Description
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara in versions prior to 1.35.1; it is fixed in version 1.35.1. The vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
Overview
- CVE ID: CVE-2024-39903
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-07-12T14:28:15.073Z
- Last Modified Date: 2024-07-12T14:28:15.073Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w | x_refsource_CONFIRM |
https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-39903 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39903 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-13 13:20:32 | | | | Added to TrackCVE |