CVE-2023-27494: 
Python vulnerability analysis and mitigation

Streamlit, a software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. The vulnerability was discovered on April 20, 2021, and patched on April 21, 2021, with the release of version 0.81.0. The issue was officially disclosed on March 16, 2023, with a CVE identifier CVE-2023-27494 (NVD, GitHub Advisory).

The vulnerability was classified as a reflected XSS vulnerability with a CVSS v3.1 base score of 6.1 (Medium) according to NVD, and 5.9 (Medium) according to GitHub. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability was fixed by removing path information from 404 responses to prevent potential XSS attacks (GitHub Patch).

If successfully exploited, the vulnerability could allow attackers to execute malicious JavaScript code in the context of the user's browser session. This could potentially lead to unauthorized access to user data, session hijacking, or other client-side attacks. The vulnerability affects the confidentiality and integrity of the application with low impact, while having no impact on availability (GitHub Advisory).

The vulnerability was patched in Streamlit version 0.81.0, released on April 21, 2021. Users running affected versions (0.63.0 through 0.80.0) should upgrade to version 0.81.0 or later. These affected versions are no longer supported, and it is recommended to always use supported versions of the Streamlit open source library (GitHub Advisory).