Nixpkgs security tracker
4.7 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Adjacent (A)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\attacker-controlled-host\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.
References
-
https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846 x_refsource_CONFIRM
-
https://github.com/streamlit/streamlit/releases/tag/1.54.0 x_refsource_MISC
Affected products
- ==< 1.54.0
Matching in nixpkgs
pkgs.streamlit
Fastest way to build custom ML tools
pkgs.python312Packages.streamlit
Fastest way to build custom ML tools
pkgs.python313Packages.streamlit
Fastest way to build custom ML tools
pkgs.python314Packages.streamlit
Fastest way to build custom ML tools
pkgs.python313Packages.streamlit-card
Streamlit component to make UI cards
pkgs.python314Packages.streamlit-card
Streamlit component to make UI cards
pkgs.python313Packages.streamlit-avatar
Component to display avatar icon in Streamlit
pkgs.python313Packages.streamlit-folium
Streamlit Component for rendering Folium maps
pkgs.python313Packages.streamlit-notify
Queues and displays Streamlit Status Elements notifications
pkgs.python314Packages.streamlit-avatar
Component to display avatar icon in Streamlit
pkgs.python314Packages.streamlit-folium
Streamlit Component for rendering Folium maps
pkgs.python314Packages.streamlit-notify
Queues and displays Streamlit Status Elements notifications
pkgs.python313Packages.streamlit-echarts
Streamlit component to render ECharts
pkgs.python314Packages.streamlit-echarts
Streamlit component to render ECharts
pkgs.python313Packages.streamlit-kpi-card
KPI cards for Streamlit
pkgs.python314Packages.streamlit-kpi-card
KPI cards for Streamlit
pkgs.python313Packages.extra-streamlit-components
Additional components for streamlit
pkgs.python314Packages.extra-streamlit-components
Additional components for streamlit
Package maintainers
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
-
@yrashk Yurii Rashkovskii <yrashk@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>