AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-41117: streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb

criticalvulnerability

security

Source: NVD/CVE DatabaseJuly 26, 2024CVE-2024-41117

Summary

streamlit-geospatial, an application for working with geographic data in Streamlit (a Python framework for building data apps), has a vulnerability where user input is directly passed to the eval() function (which executes code from text), allowing attackers to run arbitrary code on the server. The vulnerability was fixed in commit c4f81d9616d40c60584e36abb15300853a66e489.

Solution / Mitigation

Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue, as referenced in the source material.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 2.3%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-20

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:47 PM

Classified by LLM (prompt v3) · confidence: 75%