CVE-2024-41115: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Summary
CVE-2024-41115 is a vulnerability in streamlit-geospatial (a tool for working with maps and geographic data in Streamlit, a Python framework for building data apps) in which user input is passed directly to the eval() function (a dangerous function that executes its argument as code), allowing attackers to run arbitrary code on the server. The vulnerability was in the handling of the `palette` variable on lines 488-493 of the timelapse page file.
Solution / Mitigation
Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
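The pattern described in the summary, next to one way of parsing a palette without executing it. This is an added example, not code from streamlit-geospatial or its fix commit; the function names, the hex-only colour format and the size limits are assumptions made for illustration.

```python
import ast
import re

# Assumed for this example (not taken from the project): palettes are
# lists of 6-digit hex colours, with or without a leading '#'.
_HEX_COLOR = re.compile(r"#?[0-9A-Fa-f]{6}")
MAX_INPUT_CHARS = 1024
MAX_COLORS = 32


def parse_palette_unsafe(text):
    """The vulnerable pattern: user-controlled text reaches eval()."""
    return eval(text)  # evaluates any Python expression, not only list literals


def parse_palette(text):
    """Parse user-supplied palette text without executing it.

    Accepts a list literal such as "['#ff0000', '00ff00']" or a
    comma-separated string such as "ff0000, 00ff00".
    Raises ValueError for anything else.
    """
    text = text.strip()
    if len(text) > MAX_INPUT_CHARS:
        raise ValueError("palette text too long")
    if text.startswith("["):
        try:
            # literal_eval only builds literals: calls, names and
            # attribute access are rejected instead of being run.
            value = ast.literal_eval(text)
        except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
            raise ValueError("palette is not a list literal") from exc
    else:
        value = [part.strip() for part in text.split(",")]
    if not isinstance(value, list) or not 0 < len(value) <= MAX_COLORS:
        raise ValueError("palette must be a non-empty list of colours")
    # Allow-list every element so only colour strings leave this function.
    for color in value:
        if not isinstance(color, str) or not _HEX_COLOR.fullmatch(color):
            raise ValueError(f"not a hex colour: {color!r}")
    return value
```

Validating each element after `ast.literal_eval` matters because a literal can still be a number, a nested list or an arbitrary string that later code does not expect.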
Vulnerability Details
9.8 (critical)
EPSS: 1.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-41115
First tracked: February 15, 2026 at 08:47 PM