Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara in versions before 1.35.1 and was fixed in version 1.35.1. The vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
History
Wed, 05 Mar 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Widgetti; Widgetti solara | |
CPEs | cpe:2.3:a:widgetti:solara:*:*:*:*:*:*:*:* | |
Vendors & Products | Widgetti; Widgetti solara | |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T04:33:11.210Z
Reserved: 2024-07-02T19:37:18.600Z
Link: CVE-2024-39903

Status : Analyzed
Published: 2024-07-12T15:15:11.177
Modified: 2025-03-05T14:53:25.190
Link: CVE-2024-39903
