{"data":{"id":"33f921e3-169c-450b-a8f1-8ea60be4d88c","title":"CVE-2024-41112: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb","summary":"streamlit-geospatial is a multipage app for geospatial applications built with Streamlit (a Python framework for building data apps). User input for a palette variable was passed directly into the eval() function (a dangerous function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.","solution":"Update to commit c4f81d9616d40c60584e36abb15300853a66e489 or later, which fixes the issue by removing the unsafe use of eval() with user input.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-41112","publishedAt":"2024-07-27T00:15:05.237Z","cveId":"CVE-2024-41112","cweIds":["CWE-20"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Streamlit","streamlit-geospatial"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01559,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}