336 matches found

CVE
added 2024/07/26 8:01 p.m. · 49 views

CVE-2024-41112

CVE-2024-41112 affects streamlit-geospatial. The palette variable in pages/1_📷_Timelapse.py accepts user input and is used in eval() at line 380, enabling remote code execution prior to commit c4f81d9616d40c60584e36abb15300853a66e489. The commit fixes this issue. NVD lists CVSS v3.1 base score 9....

CVSS 9.8 · AI score 9.8 · EPSS 0.01559
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/07/26 12:00 a.m. · 1 view

PT-2024-29275 · Unknown · Streamlit-Geospatial

Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue arises from the vis params variable, which takes user input in the 8 🏜️ Raster Data Visualization.py file. This input is later used i...

CVSS 9.8 · AI score 8 · EPSS 0.01559
Exploits 1 · References 7
CNNVD
added 2024/07/26 12:00 a.m. · 1 view

streamlit-geospatial Security Vulnerability

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial, which originates in pages/1_📷_Timelapse.py: the palette variable accepts user input that is then used in the eva...

CVSS 9.8 · AI score 7.9 · EPSS 0.01121
Exploits 1 · References 5
CVE
added 2024/07/22 2:18 p.m. · 35 views

CVE-2024-21552

CVE-2024-21552 – SuperAGI is affected by an Arbitrary Code Execution vulnerability due to unsafe use of the eval() function. The PT-2023-9274 document notes that all SuperAGI versions are vulnerable and that exploitation can allow a remote attacker to execute arbitrary code and take full control ...

CVSS 9.8 · AI score 9.8 · EPSS 0.00224
Exploits 0 · References 2
Cvelist
added 2024/07/18 12:00 a.m. · 31 views

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

EPSS 0.02884
Exploits 0 · References 1
Vulnrichment
added 2024/07/18 12:00 a.m. · 11 views

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

AI score 8.8 · EPSS 0.02884
Exploits 0 · References 1
CNNVD
added 2024/06/20 12:00 a.m. · 1 view

WordPress Plugin Custom Field Suite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.8 · AI score 7.4 · EPSS 0.0113
Exploits 0 · References 5
Veracode
added 2024/06/12 5:14 a.m. · 10 views

Code Injection

litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...

CVSS 7.2 · AI score 7.8 · EPSS 0.0017
Exploits 1 · References 1 · Affected Software 1
NVD
added 2024/06/06 6:15 p.m. · 17 views

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

CVSS 7.2 · EPSS 0.0017
Exploits 1 · References 1
Positive Technologies
added 2024/06/06 12:00 a.m. · 2 views

PT-2024-33256 · Google · Google Kms

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.6 Description: A code injection issue exists due to the use of unvalidated input in the eval function within the secret management system. This issue requires a valid Google KMS configuration file to be exploitabl...

CVSS 7.2 · AI score 7.6 · EPSS 0.0017
Exploits 1 · References 5
Veracode
added 2024/05/29 7:34 a.m. · 26 views

Command Injection

llamaindex is vulnerable to a Command Injection. The vulnerability is due to unsafe usage of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine...

CVSS 8.8 · AI score 7.7 · EPSS 0.01615
Exploits 1 · References 2 · Affected Software 1
OSV
added 2024/05/18 12:30 a.m. · 17 views

GHSA-7GGM-4RJG-594W litellm passes untrusted data to `eval` function without sanitization

A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

CVSS 7.2 · AI score 9.8 · EPSS 0.03284
Exploits 0 · References 8
Github Security Blog
added 2024/05/18 12:30 a.m. · 20 views

litellm passes untrusted data to `eval` function without sanitization

A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

CVSS 9.8 · AI score 8.1 · EPSS 0.03284
Exploits 0 · References 8 · Affected Software 1
NVD
added 2024/05/18 12:15 a.m. · 11 views

CVE-2024-4264

A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

CVSS 9.8 · AI score 9.8 · EPSS 0.03284
Exploits 0 · References 1
Vulnrichment
added 2024/05/18 12:00 a.m. · 16 views

CVE-2024-4264 Remote Code Execution in berriai/litellm

A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...

CVSS 9.8 · AI score 8.1 · EPSS 0.03284
Exploits 0 · References 1
CVE
added 2024/05/18 12:00 a.m. · 39 views

CVE-2024-4264

The CVE-2024-4264 entry affects berriai/litellm. The vulnerability is caused by unsafe use of eval in litellm.get_secret() when the server uses Google KMS, allowing untrusted data to be evaluated. Attackers can inject malicious values into environment variables via the /config/update endpoint, en...

CVSS 9.8 · AI score 9.7 · EPSS 0.03284
Exploits 0 · References 1
OSV
added 2024/05/16 9:33 a.m. · 24 views

GHSA-PW38-XV9X-H8CH RunGptLLM class in LlamaIndex has a command injection

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

CVSS 8.8 · AI score 9 · EPSS 0.01615
Exploits 1 · References 4
Github Security Blog
added 2024/05/16 9:33 a.m. · 65 views

RunGptLLM class in LlamaIndex has a command injection

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

CVSS 8.8 · AI score 8 · EPSS 0.01615
Exploits 1 · References 4 · Affected Software 2
NVD
added 2024/05/16 9:15 a.m. · 20 views

CVE-2024-4181

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

CVSS 8.8 · AI score 9.1 · EPSS 0.01615
Exploits 1 · References 2
Vulnrichment
added 2024/05/16 9:03 a.m. · 22 views

CVE-2024-4181 Command Injection in run-llama/llama_index

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

CVSS 8.8 · AI score 8 · EPSS 0.01615
Exploits 1 · References 2