PT-2023-21169 · Streamlit · Streamlit

Published: 2023-03-16 · Updated: 2024-08-13

CVE-2023-27494

CVSS v4.0: 6.0 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Streamlit versions 0.63.0 through 0.80.0

Description: The issue is a cross-site scripting (XSS) vulnerability that affects users of hosted Streamlit apps. An attacker could craft a malicious URL to a Streamlit app containing a JavaScript payload and trick a user into visiting it. If successful, the server would render the JavaScript payload as-is, leading to XSS.

Recommendations: For versions 0.63.0 through 0.80.0, update to version 0.81.0 or later to patch the vulnerability. As a temporary workaround, consider restricting access to hosted Streamlit apps to minimize the risk of exploitation. Until the update is applied, do not follow untrusted links to Streamlit apps, since a crafted URL can carry the JavaScript payload.
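The two checks a practitioner would want here are (a) whether an installed Streamlit version falls inside the affected range and (b) what the "rendered as-is" failure looks like next to its escaped form. The following is an added example written for this advisory; it is not Streamlit's code and does not reproduce the actual vulnerable code path. The function names, the hypothetical `name` query parameter and the sample URL are assumptions for illustration.

```python
"""Added example for CVE-2023-27494 (not Streamlit's own code).

Shows a version-range check against the advisory's affected range and a
generic reflected-XSS 'before/after' render using HTML escaping.
"""
import html
import re
from urllib.parse import parse_qs, urlparse

# Range taken from the advisory: 0.63.0 through 0.80.0 affected, fixed in 0.81.0.
AFFECTED_MIN = (0, 63, 0)
FIRST_FIXED = (0, 81, 0)


def parse_version(version: str) -> tuple:
    """Turn '0.80.0' (or '0.81.0rc1') into a comparable (major, minor, patch) tuple.

    Assumption: only the leading digits of each dotted component matter.
    """
    parts = []
    for component in version.strip().split(".")[:3]:
        match = re.match(r"\d+", component)
        parts.append(int(match.group()) if match else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True if the given Streamlit version is inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIRST_FIXED


def param_from_url(url: str, key: str) -> str:
    """Return the first value of a query-string parameter, or '' if absent.

    Hypothetical helper: models untrusted input arriving through a crafted URL.
    """
    values = parse_qs(urlparse(url).query).get(key, [])
    return values[0] if values else ""


def render_unsafe(name: str) -> str:
    """'Before' behaviour of the bug class: untrusted text lands in HTML untouched."""
    return f"<h1>Hello, {name}</h1>"


def render_safe(name: str) -> str:
    """Mitigation: HTML-escape untrusted input so markup is shown, not executed."""
    return f"<h1>Hello, {html.escape(name, quote=True)}</h1>"


if __name__ == "__main__":
    # Constructed sample URL; 'app.example' is a placeholder host.
    crafted = "https://app.example/?name=%3Cscript%3Ealert(1)%3C/script%3E"
    untrusted = param_from_url(crafted, "name")
    print("installed 0.79.2 affected:", is_affected("0.79.2"))
    print("unsafe:", render_unsafe(untrusted))
    print("safe:  ", render_safe(untrusted))
```

Run the module directly to see the two renderings side by side; the escaped output contains no executable tag, which is the property the 0.81.0 fix restores for the affected query-parameter path.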

XSS

Related Identifiers

CVE-2023-27494
GHSA-9C6G-QPGJ-RVXW
PYSEC-2023-50

Affected Products

Streamlit