20 matches found
EUVD-2024-38939
Malicious code in bioql PyPI...
CVE-2024-41118
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7📦WebMapService.py takes user input, which is passed to getlayers function, in which url is used with getwmslayer method...
CVE-2024-41115
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...
CVE-2024-41120 streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 63 of pages/9🔲VectorDataVisualization.py takes user input, which is later passed to the gpd.readfile method. gpd.readfile method create...
CVE-2024-41120 streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 63 of pages/9🔲VectorDataVisualization.py takes user input, which is later passed to the gpd.readfile method. gpd.readfile method create...
CVE-2024-41119 streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 80 in 8🏜️RasterDataVisualization.py takes user input, which is later used in the eval function on line 86, leading to remote code...
CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7📦WebMapService.py takes user input, which is passed to getlayers function, in which url is used with getwmslayer method...
CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7📦WebMapService.py takes user input, which is passed to getlayers function, in which url is used with getwmslayer method...
CVE-2024-41118
The CVE-2024-41118 entry concerns the open-source project streamlit-geospatial, where prior to commit c4f81d9616d40c60584e36abb15300853a66e489 the url variable in pages/7_📦_Web_Map_Service.py accepts user input and passes it into get_layers, which uses get_wms_layer to send requests to arbitrary ...
CVE-2024-41117 Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 115 in pages/10🌍EarthEngineDatasets.py takes user input, which is later used in the eval function on line 126, leading to remote...
CVE-2024-41116
CVE-2024-41116 affects streamlit-geospatial. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the vis_params variable in pages/1_📷_Timelapse.py accepts user input and is subsequently used in eval(), enabling remote code execution. The commit cited fixes this issue. Several records (NVD, ...
CVE-2024-41116 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...
CVE-2024-41112
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...
CVE-2024-41115
The CVE-2024-41115 entry concerns the streamlit-geospatial project, specifically the Timelapse page. Before commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1_📷_Timelapse.py accepts user input and is later used in an eval() on line 493, enabling remote co...
CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...
CVE-2024-41114 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 430 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 435, leading to remote code executio...
CVE-2024-41113 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 383 or line 390 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 395, leading to remote...
CVE-2024-41113 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 383 or line 390 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 395, leading to remote...
CVE-2024-41113
CVE-2024-41113 affects streamlit-geospatial: a flaw in pages/1_📷_Timelapse.py where the vis_params user input is fed to eval(), enabling remote code execution. Root cause: unsanitized user input used in eval on lines 383–395. Impact: remote code execution with high confidentiality, integrity, and...
CVE-2024-41112
CVE-2024-41112 affects streamlit-geospatial. The palette variable in pages/1_📷_Timelapse.py accepts user input and is used in eval() at line 380, enabling remote code execution prior to commit c4f81d9616d40c60584e36abb15300853a66e489. The commit fixes this issue. NVD lists CVSS v3.1 base score 9....