exploitDog

CVE-2024-39903

Published: 12 Jul 2024
Source: nvd
CVSS3: 8.6
CVSS3: 7.5
EPSS Medium

Description

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.

Vulnerable configurations

Configuration 1
cpe:2.3:a:widgetti:solara:*:*:*:*:*:*:*:*
Version before 1.35.1 (excluding)

EPSS

Percentile: 98%
0.53034
Medium

8.6 High

CVSS3

7.5 High

CVSS3

Weaknesses

CWE-22
CWE-22

Related vulnerabilities

CVSS3: 8.6
github
more than 1 year ago

Local File Inclusion in Solara
