ID | CVE-2024-41114 | ||||||
Summary | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_?_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | ||||||
References |
|
||||||
Vulnerable Configurations |
|
||||||
CVSS |
|
||||||
CWE | NVD-CWE-noinfo | ||||||
CAPEC |
|
||||||
Access |
|
||||||
Impact |
|
||||||
Last major update | 26-08-2024 - 17:33 | ||||||
Published | 26-07-2024 - 21:15 | ||||||
Last modified | 26-08-2024 - 17:33 |