{"data":{"id":"339adcd6-486c-4ad2-ae5d-e82df0fa64d3","title":"CVE-2024-41119: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb","summary":"streamlit-geospatial is a web application for working with geographic data, but it has a critical vulnerability where user input is directly passed to the eval() function (a dangerous Python function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.","solution":"Update to commit c4f81d9616d40c60584e36abb15300853a66e489 or later, which fixes the vulnerability by removing the dangerous eval() call that accepted unsanitized user input.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-41119","publishedAt":"2024-07-27T01:15:13.867Z","cveId":"CVE-2024-41119","cweIds":["CWE-20"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Streamlit","streamlit-geospatial"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01559,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}