Security Advisory

CVE-2024-41112

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-26 20:01:37

Last updated 2024-08-02 04:46:52

Assigner GitHub_M

State PUBLISHED

Description

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

← Browse all CVEs View on cve.org ↗