streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opengeos
Opengeos streamlit-geospatial |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:* | |
Vendors & Products |
Opengeos
Opengeos streamlit-geospatial |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-26T20:54:49.052Z
Updated: 2024-08-02T04:46:52.389Z
Reserved: 2024-07-15T15:53:28.322Z
Link: CVE-2024-41119
Vulnrichment
Updated: 2024-08-02T04:46:52.389Z
NVD
Status : Modified
Published: 2024-07-26T21:15:13.867
Modified: 2024-11-21T09:32:16.440
Link: CVE-2024-41119
Redhat
No data.