CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41115 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette
https://notcve.org/view.php?id=CVE-2024-41115
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L488 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L493 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41114 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option
https://notcve.org/view.php?id=CVE-2024-41114
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L430 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L435 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41113 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params
https://notcve.org/view.php?id=CVE-2024-41113
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395 https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489 https://securitylab.github.com/advisories/ • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41112 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette
https://notcve.org/view.php?id=CVE-2024-41112
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L380 https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489 https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation •