streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opengeos
Opengeos streamlit-geospatial |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:* | |
Vendors & Products |
Opengeos
Opengeos streamlit-geospatial |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-26T20:05:58.360Z
Updated: 2024-08-02T04:46:52.413Z
Reserved: 2024-07-15T15:53:28.322Z
Link: CVE-2024-41113
Vulnrichment
Updated: 2024-08-02T04:46:52.413Z
NVD
Status : Analyzed
Published: 2024-07-26T20:15:05.560
Modified: 2024-08-26T17:33:18.810
Link: CVE-2024-41113
Redhat
No data.