CVE-2024-41116 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-41114 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 430 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 435, leading to remote code executio...

CVE-2024-41112

CVE-2024-41112 affects streamlit-geospatial. The palette variable in pages/1_📷_Timelapse.py accepts user input and is used in eval() at line 380, enabling remote code execution prior to commit c4f81d9616d40c60584e36abb15300853a66e489. The commit fixes this issue. NVD lists CVSS v3.1 base score 9....

CVE-2024-41112 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

PT-2024-29275 · Unknown · Streamlit-Geospatial

Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue arises from the vis params variable, which takes user input in the 8 🏜️ Raster Data Visualization.py file. This input is later used i...

streamlit-geospatial 安全漏洞

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial, which originates in pages/1? The palette variable in Timelapse.py accepts user input that is then used in the eva...

CVE-2024-21552

CVE-2024-21552 – SuperAGI is affected by an Arbitrary Code Execution vulnerability due to unsafe use of the eval() function. The PT-2023-9274 document notes that all SuperAGI versions are vulnerable and that exploitation can allow a remote attacker to execute arbitrary code and take full control ...

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

WordPress Plugin Custom Field Suite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

Code Injection

litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

PT-2024-33256 · Google · Google Kms

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.6 Description: A code injection issue exists due to the use of unvalidated input in the eval function within the secret management system. This issue requires a valid Google KMS configuration file to be exploitabl...

Command Injection

llamaindex is vulnerable to a Command Injection. The vulnerability is due to unsafe usage of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine...

GHSA-7GGM-4RJG-594W litellm passes untrusted data to `eval` function without sanitization

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

litellm passes untrusted data to `eval` function without sanitization

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

CVE-2024-4264

A remote code execution RCE vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...