AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-41113: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb

criticalvulnerability

security

Source: NVD/CVE DatabaseJuly 26, 2024CVE-2024-41113

Summary

streamlit-geospatial, a tool for building map-based applications, has a vulnerability where user input is passed directly into the eval() function (a function that executes code text as if it were written in the program), allowing attackers to run arbitrary code on the server. The vulnerability existed in the `vis_params` variable handling in the Timelapse.py file before a specific code commit fixed it.

Solution / Mitigation

Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 1.6%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-20

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:47 PM

Classified by LLM (prompt v3) · confidence: 75%