CVE-2024-41119: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb
Summary
streamlit-geospatial is a web application for working with geographic data, but it has a critical vulnerability where user input is directly passed to the eval() function (a dangerous Python function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.
Solution / Mitigation
Update to commit c4f81d9616d40c60584e36abb15300853a66e489 or later, which fixes the vulnerability by removing the dangerous eval() call that accepted unsanitized user input.
Vulnerability Details
9.8(critical)
EPSS: 1.6%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-41119
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 85%