PyPi: Marimo

CVE-2024-28244

Transitive

Safety vulnerability ID: 66985

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 25, 2024 Updated at Dec 31, 2024

Advisory

Marimo version 0.3.5 has upgraded its katex dependency to version 0.16.10 in response to CVE-2024-28244.

Affected package

marimo

Latest version: 0.10.9

A library for making reactive notebooks and apps

Affected versions

Fixed versions

Vulnerability changelog

What's Changed

This release includes contributions from several contributors -- thanks wasimsandhu, dmadisetti, and deepyaman!

**Highlights.** This release includes a new public API for programmatically running multiple apps (in `run`/read-only mode) -- this lets you create multi-page apps out of marimo notebooks, as well as seamlessly serve marimo apps as part of, e.g., a larger FastAPI app.

Docs: https://docs.marimo.io/guides/deploying/programmatically.html

Example:

```python
from typing import Annotated, Callable, Coroutine
from fastapi.responses import HTMLResponse, RedirectResponse
import marimo
from fastapi import FastAPI, Form, Request, Response


# Create a marimo asgi app
server = (
    marimo.create_asgi_app()
    .with_app(path="", root="./pages/index.py")
    .with_app(path="/dashboard", root="./pages/dashboard.py")
    .with_app(path="/sales", root="./pages/sales.py")
)

# Create a FastAPI app
app = FastAPI()

# auth_middleware and my_login_route are not defined in this snippet;
# they stand for the application's own authentication middleware and
# login handler, which must exist before this code runs.
app.add_middleware(auth_middleware)
app.add_route("/login", my_login_route, methods=["POST"])

# Mount the marimo apps last so the routes above take precedence
app.mount("/", server.build())

# Run the server
if __name__ == "__main__":
    import uvicorn

    uvicorn.run(app, host="localhost", port=8000)
```


**All changes.**

* Deduplicate code completion form description field by deepyaman in https://github.com/marimo-team/marimo/pull/991
* feat: Limit maximum selections in mo.ui.multiselect by wasimsandhu in https://github.com/marimo-team/marimo/pull/996
* bug fix: support env / status without pip (992) by dmadisetti in https://github.com/marimo-team/marimo/pull/999
* fix(deps): update dependency katex to v0.16.10 [security] by renovate in https://github.com/marimo-team/marimo/pull/1000
* improvement: use url hash instead of query param by mscolnick in https://github.com/marimo-team/marimo/pull/1001
* feat: create_asgi_app to programatically run marimo apps by mscolnick in https://github.com/marimo-team/marimo/pull/1002
* 0.3.5 by akshayka in https://github.com/marimo-team/marimo/pull/1007

New Contributors
* deepyaman made their first contribution in https://github.com/marimo-team/marimo/pull/991
* wasimsandhu made their first contribution in https://github.com/marimo-team/marimo/pull/996

**Full Changelog**: https://github.com/marimo-team/marimo/compare/0.3.4...0.3.5

Resources
