CVE-2024-39903 — HIGH (8.6)

Q: How severe is CVE-2024-39903?

CVE-2024-39903 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-39903?

Check the references section above for vendor advisories and patch information. Affected products include: Widgetti Solara.

Vulnerability Description

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Widgetti	Solara	< 1.35.1

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2024-39903?

CVE-2024-39903 is a vulnerability with a CVSS score of 8.6 (HIGH). Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in ve...

How severe is CVE-2024-39903?

CVE-2024-39903 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39903?

Check the references section above for vendor advisories and patch information. Affected products include: Widgetti Solara.