CVE-2024-42474

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 12, 2024

Updated: Sep 16, 2024

CWE ID 22

Summary

CVE-2024-42474 is a path traversal vulnerability affecting Streamlit, a data-oriented application development framework for Python. This issue, addressed in version 1.37.0 on July 25, 2024, impacts users of hosted Streamlit apps on Windows. When the static file sharing feature is enabled, an attacker could potentially leak the password hash of the Windows user running Streamlit through this vulnerability. This security flaw was specific to Windows systems and has since been patched, mitigating the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xbln4H
https://www.cve.org/CVERecord?id=CVE-2024-42474
https://nvd.nist.gov/vuln/detail/CVE-2024-42474

Back to Vulnerability Database

CVE-2024-42474

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations