streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opengeos
Opengeos streamlit-geospatial |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:* | |
Vendors & Products |
Opengeos
Opengeos streamlit-geospatial |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-26T20:16:24.561Z
Updated: 2024-08-02T04:46:52.561Z
Reserved: 2024-07-15T15:53:28.322Z
Link: CVE-2024-41116
Vulnrichment
Updated: 2024-08-02T04:46:52.561Z
NVD
Status : Modified
Published: 2024-07-26T21:15:13.237
Modified: 2024-11-21T09:32:15.997
Link: CVE-2024-41116
Redhat
No data.