{"data":{"id":"dc8c417c-dbe1-46d9-b817-8447b53068ee","title":"CVE-2024-41117: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, user input is passed directly to eval().","summary":"streamlit-geospatial, an application for working with geographic data in Streamlit (a Python framework for building data apps), has a vulnerability where user input is directly passed to the eval() function (which executes code from text), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.","solution":"Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue; update to a revision that includes it.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-41117","publishedAt":"2024-07-27T01:15:13.443Z","cveId":"CVE-2024-41117","cweIds":["CWE-20"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Streamlit","streamlit-geospatial"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.02335,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}