CVE-2024-41117 Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 115 in pages/10🌍EarthEngineDatasets.py takes user input, which is later used in the eval function on line 126, leading to remote...

CVE-2024-41117

CVE-2024-41117 affects the streamlit-geospatial project. The vulnerability arises from the vis_params variable in pages/10_🌍_Earth_Engine_Datasets.py, where user input is fed into eval(), enabling remote code execution. The issue is fixed in commit c4f81d9616d40c60584e36abb15300853a66e489. Affect...

CVE-2024-41116 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

CVE-2024-41116 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-41114 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 430 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 435, leading to remote code executio...

CVE-2024-41112 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

CVE-2024-41112

CVE-2024-41112 affects streamlit-geospatial. The palette variable in pages/1_📷_Timelapse.py accepts user input and is used in eval() at line 380, enabling remote code execution prior to commit c4f81d9616d40c60584e36abb15300853a66e489. The commit fixes this issue. NVD lists CVSS v3.1 base score 9....

PT-2024-29275 · Unknown · Streamlit-Geospatial

Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue arises from the vis params variable, which takes user input in the 8 🏜️ Raster Data Visualization.py file. This input is later used i...

streamlit-geospatial 安全漏洞

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial, which originates in pages/1? The visparams variable in Timelapse.py accepts user input that is then used in the...

streamlit-geospatial 安全漏洞

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial, which originates in pages/1? The palette variable in Timelapse.py accepts user input that is then used in the eva...

CVE-2024-21552

CVE-2024-21552 – SuperAGI is affected by an Arbitrary Code Execution vulnerability due to unsafe use of the eval() function. The PT-2023-9274 document notes that all SuperAGI versions are vulnerable and that exploitation can allow a remote attacker to execute arbitrary code and take full control ...

CLSA-2024-1721401321 Fix CVE(s): CVE-2020-27619

SECURITY UPDATE: eval on content received via HTTP in test suite - debian/patches/CVE-2020-27619.patch: No longer call eval on content received via HTTP in the CJK codec tests - CVE-2020-27619...

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

PT-2024-28377 · Unknown · Calculator-Boilerplate

Name of the Vulnerable Software and Affected Versions: calculator-boilerplate version 1.0 Description: The issue is related to a remote code execution RCE vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. The...

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

PYSEC-2024-62

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

OSGeo GeoServer GeoTools Eval Injection Vulnerability

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...