streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
History

Mon, 26 Aug 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Opengeos
Opengeos streamlit-geospatial
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:opengeos:streamlit-geospatial:*:*:*:*:*:*:*:*
Vendors & Products Opengeos
Opengeos streamlit-geospatial

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-26T20:05:58.360Z

Updated: 2024-08-02T04:46:52.413Z

Reserved: 2024-07-15T15:53:28.322Z

Link: CVE-2024-41113

cve-icon Vulnrichment

Updated: 2024-08-02T04:46:52.413Z

cve-icon NVD

Status : Modified

Published: 2024-07-26T20:15:05.560

Modified: 2024-11-21T09:32:15.587

Link: CVE-2024-41113

cve-icon Redhat

No data.