{"data":{"id":"26a6d7e7-17e9-49ad-b0d1-6eb9747b1c52","title":"CVE-2024-41114: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb","summary":"streamlit-geospatial is a web application for mapping and geographic data analysis built with Streamlit (a Python framework for data apps). The application has a critical vulnerability in which user input is passed directly into Python's `eval()` function (a built-in that evaluates a string as code), allowing attackers to run arbitrary code on the server.","solution":"Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. Users should update to the version containing this commit.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-41114","publishedAt":"2024-07-27T01:15:12.813Z","cveId":"CVE-2024-41114","cweIds":["CWE-20"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["streamlit-geospatial"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01307,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}