streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opengeos
Opengeos streamlit-geospatial |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:* | |
Vendors & Products |
Opengeos
Opengeos streamlit-geospatial |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-26T20:13:35.684Z
Updated: 2024-08-02T04:46:52.364Z
Reserved: 2024-07-15T15:53:28.322Z
Link: CVE-2024-41115
Vulnrichment
Updated: 2024-08-02T04:46:52.364Z
NVD
Status : Modified
Published: 2024-07-26T21:15:13.023
Modified: 2024-11-21T09:32:15.860
Link: CVE-2024-41115
Redhat
No data.