Opengeos Streamlit-Geospatial vulnerabilities
9 known vulnerabilities affecting opengeos/streamlit-geospatial.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9
Vulnerabilities
CVE-2024-41115 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853
nvd
CVE-2024-41113 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c6058
nvd
CVE-2024-41112 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes
nvd
CVE-2024-41119 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e3
nvd
CVE-2024-41114 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853
nvd
CVE-2024-41117 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_🌍_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c605
nvd
CVE-2024-41116 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb153
nvd
CVE-2024-41120 | P3 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_🔲_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. `gpd.read_file` method creates a request to arbitrary destinations,
nvd
CVE-2024-41118 | P3 | CRITICAL | CVSS 9.8 | CWE-918 | fixed in 2024-07-19 | fixed in c4f81d9616d40c60584e36abb15300853a66e489 | 2024-07-26
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_📦_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a req
nvd