github · anandmt · May 27, 2026
diff --git a/advisories/github-reviewed/2024/01/GHSA-8qw9-gf7w-42x5/GHSA-8qw9-gf7w-42x5.json b/advisories/github-reviewed/2024/01/GHSA-8qw9-gf7w-42x5/GHSA-8qw9-gf7w-42x5.json
@@ -1,52 +1,84 @@
 {
-  "schema_version": "1.4.0",
-  "id": "GHSA-8qw9-gf7w-42x5",
-  "modified": "2024-01-12T17:35:21Z",
-  "published": "2024-01-12T17:35:21Z",
-  "aliases": [],
-  "summary": "Minor fix to previous patch for CVE-2022-35918",
-  "details": "### Impact\n\nThe initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions.\n\n### Patches\n\nWe released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security.\n\n### Workarounds\n\nNo additional workarounds are necessary once the update to version 1.30.0 is applied.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email us at [security@streamlit.io](mailto:security@streamlit.io)",
-  "severity": [],
-  "affected": [
-    {
-      "package": {
-        "ecosystem": "PyPI",
-        "name": "streamlit"
-      },
-      "ranges": [
+    "schema_version": "1.4.0",
+    "id": "GHSA-8qw9-gf7w-42x5",
+    "modified": "2024-01-12T17:35:21Z",
+    "published": "2024-01-12T17:35:21Z",
+    "aliases": [
+        "CVE-2022-35918"
+    ],
+    "summary": "Minor fix to previous patch for CVE-2022-35918",
+    "details": "### Impact
+
+The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions.
+
+### Patches
+
+We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security.
+
+### Workarounds
+
+No additional workarounds are necessary once the update to version 1.30.0 is applied.
+
+### For more information
+
+If you have any questions or comments about this advisory:
+* Email us at [security@streamlit.io](mailto:security@streamlit.io)",
+    "severity": [
         {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "0.63.0"
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
+        }
+    ],
+    "affected": [
+        {
+            "package": {
+                "ecosystem": "PyPI",
+                "name": "streamlit"
             },
-            {
-              "fixed": "1.30.0"
-            }
-          ]
+            "ranges": [
+                {
+                    "type": "ECOSYSTEM",
+                    "events": [
+                        {
+                            "introduced": "0.63.0"
+                        },
+                        {
+                            "fixed": "1.30.0"
+                        }
+                    ]
+                }
+            ]
         }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "type": "WEB",
-      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-8qw9-gf7w-42x5"
-    },
-    {
-      "type": "WEB",
-      "url": "https://github.com/streamlit/streamlit/commit/bd0a8996c4c7ec55b9c6557e7b168b0c13a25b90"
-    },
-    {
-      "type": "PACKAGE",
-      "url": "https://github.com/streamlit/streamlit"
+    ],
+    "references": [
+        {
+            "type": "WEB",
+            "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-8qw9-gf7w-42x5"
+        },
+        {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35918"
+        },
+        {
+            "type": "ADVISORY",
+            "url": "https://github.com/advisories/GHSA-v4hr-4jpx-56gc"
+        },
+        {
+            "type": "WEB",
+            "url": "https://github.com/streamlit/streamlit/commit/bd0a8996c4c7ec55b9c6557e7b168b0c13a25b90"
+        },
+        {
+            "type": "PACKAGE",
+            "url": "https://github.com/streamlit/streamlit"
+        }
+    ],
+    "database_specific": {
+        "cwe_ids": [
+            "CWE-22"
+        ],
+        "severity": "MODERATE",
+        "github_reviewed": true,
+        "github_reviewed_at": "2024-01-12T17:35:21Z",
+        "nvd_published_at": null
     }
-  ],
-  "database_specific": {
-    "cwe_ids": [],
-    "severity": "LOW",
-    "github_reviewed": true,
-    "github_reviewed_at": "2024-01-12T17:35:21Z",
-    "nvd_published_at": null
-  }
-}
+}