AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-41112: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb

criticalvulnerability

security

Source: NVD/CVE DatabaseJuly 26, 2024CVE-2024-41112

Summary

streamlit-geospatial is a Streamlit app (a Python framework for building data apps) for geospatial applications that had a vulnerability where user input for a palette variable was passed directly into the eval() function (a dangerous function that executes code), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.

Solution / Mitigation

Update to commit c4f81d9616d40c60584e36abb15300853a66e489 or later, which fixes the issue by removing the unsafe use of eval() with user input.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 1.6%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-20

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:47 PM

Classified by LLM (prompt v3) · confidence: 85%