Vulnerability Description
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_๐ท_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opengeos | Streamlit-Geospatial | < 2024-07-19 |
Related Weaknesses (CWE)
References
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc7Product
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc7Product
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abPatch
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-ExploitThird Party Advisory
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc7Product
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc7Product
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abPatch
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-ExploitThird Party Advisory
FAQ
What is CVE-2024-41116?
CVE-2024-41116 is a vulnerability with a CVSS score of 9.8 (CRITICAL). streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_๐ท_Timelapse....
How severe is CVE-2024-41116?
CVE-2024-41116 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-41116?
Check the references section above for vendor advisories and patch information. Affected products include: Opengeos Streamlit-Geospatial.