Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara versions before 1.35.1 and was fixed in version 1.35.1. The vulnerability arises because the application fails to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
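The missing check described above, as an added example that is not Solara's code or its 1.35.1 fix: a static-file resolver that joins the request path onto the root without validation, beside one that resolves the path and confirms it stays inside the root. The function names, the directory layout and the sample files are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_naive(static_root: Path, requested: str) -> Path:
    """Flawed pattern: join the request path onto the root and serve the result."""
    return Path(os.path.normpath(static_root / requested))


def resolve_checked(static_root: Path, requested: str) -> Optional[Path]:
    """Return the file to serve, or None when it is not a file inside static_root."""
    root = static_root.resolve()
    # resolve() collapses '../' and follows symlinks before the containment check
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Map each constructed request to (naive result is outside root, checked serves it)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "static"
        root.mkdir()
        (root / "app.js").write_text("console.log('ok')")
        (base / "secret.txt").write_text("constructed secret")
        (root / "link.txt").symlink_to(base / "secret.txt")
        results = {}
        for requested in ("app.js", "../secret.txt", "link.txt"):
            naive = resolve_naive(root, requested)
            outside = root not in naive.parents
            served = resolve_checked(root, requested) is not None
            results[requested] = (outside, served)
        return results


if __name__ == "__main__":
    for requested, (outside, served) in demo().items():
        print(f"{requested!r}: naive outside root={outside}, checked serves={served}")
```

The `link.txt` case shows why the containment check runs on the resolved path: the link sits inside the root lexically, yet its target does not.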
History

Wed, 05 Mar 2025 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Widgetti; Widgetti solara
CPEs | | cpe:2.3:a:widgetti:solara:*:*:*:*:*:*:*:*
Vendors & Products | | Widgetti; Widgetti solara

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T04:33:11.210Z

Reserved: 2024-07-02T19:37:18.600Z

Link: CVE-2024-39903

Vulnrichment

Updated: 2024-08-02T04:33:11.210Z

NVD

Status: Analyzed

Published: 2024-07-12T15:15:11.177

Modified: 2025-03-05T14:53:25.190

Link: CVE-2024-39903

Redhat

No data.