CVE-2024-39903
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39903
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39903.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-39903
- Aliases
- Published
- 2024-07-12T14:28:15Z
- Modified
- 2025-11-11T03:03:35.205763Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- Local File Inclusion in Solara
- Details
-
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
- Database specific
{ "cwe_ids": [ "CWE-22" ] }- References
Affected packages
Git / github.com/widgetti/solara
Affected ranges
- Type
- GIT
- Repo
- https://github.com/widgetti/solara
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
@widgetti/solara-vuetify-app@1.*
@widgetti/solara-vuetify-app@1.1.1
@widgetti/solara-vuetify-app@10.*
@widgetti/solara-vuetify-app@10.0.0
@widgetti/solara-vuetify-app@10.0.1
@widgetti/solara-vuetify-app@10.0.2
@widgetti/solara-vuetify-app@10.0.3
@widgetti/solara-vuetify-app@2.*
@widgetti/solara-vuetify-app@2.0.0
@widgetti/solara-vuetify-app@2.1.0
@widgetti/solara-vuetify-app@3.*
@widgetti/solara-vuetify-app@3.0.0
@widgetti/solara-vuetify-app@3.0.1
@widgetti/solara-vuetify-app@4.*
@widgetti/solara-vuetify-app@4.0.0
@widgetti/solara-vuetify-app@5.*
@widgetti/solara-vuetify-app@5.0.1
@widgetti/solara-vuetify-app@5.0.2
@widgetti/solara-vuetify-app@6.*
@widgetti/solara-vuetify-app@6.0.0
@widgetti/solara-vuetify-app@6.1.0
@widgetti/solara-vuetify-app@7.*
@widgetti/solara-vuetify-app@7.0.0
@widgetti/solara-vuetify-app@8.*
@widgetti/solara-vuetify-app@8.0.0
@widgetti/solara-vuetify-app@9.*
@widgetti/solara-vuetify-app@9.0.0
@widgetti/solara-vuetify3-app@1.*
@widgetti/solara-vuetify3-app@1.0.0
@widgetti/solara-vuetify3-app@1.1.0
@widgetti/solara-vuetify3-app@2.*
@widgetti/solara-vuetify3-app@2.0.0
@widgetti/solara-vuetify3-app@3.*
@widgetti/solara-vuetify3-app@3.0.0
@widgetti/solara-vuetify3-app@4.*
@widgetti/solara-vuetify3-app@4.0.0
@widgetti/solara-vuetify3-app@5.*
@widgetti/solara-vuetify3-app@5.0.0
@widgetti/solara-vuetify3-app@5.0.1
@widgetti/solara-vuetify3-app@5.0.2
v0.*
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.1.0
v0.1.1
v0.1.2
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.11.0
v0.12.0
v0.12.1
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.19.0
v0.19.1
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.7.0
v0.8.0
v0.8.1
v0.9.0
v0.9.1
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.18.0
v1.19.0
v1.2.0
v1.2.1
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.27.0
v1.29.0
v1.29.1
v1.3.0
v1.30.0
v1.30.1
v1.31.0
v1.32.0
v1.32.1
v1.32.2
v1.33.0
v1.34.0
v1.34.1
v1.35.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.1