{"data":{"id":"868fdc5e-f2cc-498a-9d85-45f22c482176","title":"CVE-2024-41113: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb","summary":"streamlit-geospatial, a tool for building map-based applications, has a vulnerability in which user input is passed directly to the eval() function (which executes a string as program code), allowing attackers to run arbitrary code on the server. The vulnerable handling of the `vis_params` variable is in the Timelapse.py file and is present in versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489.","solution":"Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-41113","publishedAt":"2024-07-27T00:15:05.560Z","cveId":"CVE-2024-41113","cweIds":["CWE-20"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Streamlit","streamlit-geospatial"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01559,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}